team-bg-img
time 1 minute read

Helient Systems :

by Will Fulmer, Chief Operating Officer

Microsoft has released a fix for a newly identified flaw in Microsoft Active Directory Federation Services (ADFS). Andrew Lee, a security engineer for Okta Research and Exploitation (REX) discovered the bug, which exposes a potential massive vulnerability within ADFS.

Many organizations use ADFS for identity management and authentication to company resources. Many two-factor authentication mechanisms bolt onto ADFS including Microsoft’s MFA product, along with third party solutions such as Okta, Gemalto, RSA, and SecureAuth. All of these 2FA products are subject to this vulnerability.

This newly discovered exploit would allow for the bypassing of the multifactor authentication prompt, providing the offender has a username and password pair for another user on the same ADFS service. Essentially, this bypass acts as a ‘skeleton key’, allowing for unauthorized and insecure access to resources.

This attack has not yet been seen in the wild, but Microsoft has issued a software update/patch to remove this vulnerability and mitigate this exposure. More information can be found on this link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8340

Product Article Download Impact Severity Supersedence
Windows Server 2012 R2 434389 Monthly Rollup Security Feature Bypass Important 4338815
4343888 Security Only
Windows Server 2012 R2
(Server Core installation)
4343898 Monthly Rollup Security Feature Bypass Important 4338815
4343888 Security Only
Windows Server 2016 4343887 Security Update Security Feature Bypass Important 4338814
Windows Server 2016
(Server Core installation)
4343887 Security Update Security Feature Bypass Important 4338814
Windows Server, version 1709
(Server Core Installation)
4343897 Security Update Security Feature Bypass Important 4338825
Windows Server, version 1803
(Server Core Installation)
4343909 Security Update Security Feature Bypass Important 4338819

Please contact Helient if we can assist you with your ADFS and multi-factor environment and remediating this vulnerability.