CVE-2017-0159

Published: Apr 12, 2017Modified: May 13, 2026

3.7

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

Affected (4)

Products: Microsoft: Windows 10, Windows Server 2012, Windows Server 2016

3 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	Version 1607
Microsoft Windows 10	Version 1703
Microsoft Windows Server 2012	Version r2
Microsoft Windows Server 2016	All versions

References (6)

http://www.securityfocus.com/bid/97449

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038243

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/97449

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038243

Source: af854a3a-2127-422b-91ae-364da2661108

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.