An AD FS Vulnerability may lead to Elevation of Privilege on recent Windows Server versions

Reading Time: 2 minutes

Windows Server

This week, on its Patch Tuesday for July 2022, Microsoft released a patch that addresses a vulnerability (CVE-2022-30215) in Active Directory Federation Services (AD FS).

 

About the vulnerability

An Elevation of Privilege (EoP) vulnerability exists in Active Directory Federation Services (AD FS). The vulnerability can be exploited over the network and an attacker who successfully exploited this vulnerability could gain domain administrator privileges.

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

 

COMMON VULNERABILITY SCORING

With a CVSS v3.1 score of 7.5/6.5, the vulnerability is rated Important.

 

Affected Operating Systems

The following Operating Systems are vulnerable:

  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server, version 20H2

This means that most AD FS servers currently used are vulnerable to attacks, once the necessary changes are made to these servers beyond the default AD FS configuration. Microsoft did not disclose these changes at this time. When Azure AD Connect Health for AD FS is in use by an organization, however, configuration changes and usage can be monitored for AD FS with the help of Microsoft.

 

Call to action

I urge you to install the necessary security updates  on Windows Server  installations, acting as Active Directory Federation Services (AD FS) servers, in a test environment as soon as possible, assess the risk and possible impact on your production environment and then, roll out this update to Windows Server installations, acting as Active Directory Federation Services (AD FS) servers, in the production environment.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.