Microsoft Active Directory Federation Server Spoofing Vulnerability

Vulnerability

A spoofing vulnerability has been identified in Active Directory Federation Server. This vulnerability allows an attacker to manipulate user interactions in a way that could lead to unauthorized actions being performed on behalf of the user.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed by users, potentially allowing attackers to bypass security controls or impersonate users.

Remediation

Users can apply the security update KB5049993 for Windows Server 2016, KB5050009 for Windows Server 2025, KB5049984 for Windows Server 2022 (23H2 Edition, Server Core installation), KB5049983 for Windows Server 2022, and KB5050008 for Windows Server 2019. These security updates are available through the Microsoft Update Catalog.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 1.3
exploitability: 6.5
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.