Low severity3.7NVD Advisory· Published Apr 12, 2017· Updated Jun 17, 2026
CVE-2017-0159
CVE-2017-0159
Description
A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."
Affected products
6cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159nvdPatchVendor Advisory
- www.securityfocus.com/bid/97449nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038243nvd
News mentions
0No linked articles in our index yet.