vulnerability

Microsoft Windows: CVE-2017-0159: ADFS Security Feature Bypass Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Apr 11, 2017	Apr 11, 2017	Sep 5, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 11, 2017

Added

Apr 11, 2017

Modified

Sep 5, 2025

Description

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

Solutions

microsoft-windows-windows_10-1607-kb4015217microsoft-windows-windows_10-1703-kb4015583microsoft-windows-windows_server_2012_r2-kb4015547microsoft-windows-windows_server_2016-1607-kb4015217msft-kb4015547-e0e5d08f-8c2b-4dcf-a8c9-36eb7c174896msft-kb4015547-eb001e30-98fe-4874-a0c9-436635649fdd

References

BID-97449
CVE-2017-0159
https://attackerkb.com/topics/CVE-2017-0159
URL-https://support.microsoft.com/help/4015217
URL-https://support.microsoft.com/help/4015547
URL-https://support.microsoft.com/help/4015583

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today