[KB6969] Microsoft Active Directory Federation Services (ADFS) vulnerability allows 2FA bypass – Security patch is available

Issue

  • A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.

Solution

Microsoft has released a security patch to address this issue. 

To download and install the patch, follow the steps below:

  1. Visit the webpage https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8340#ID0EGB.
     
  2. If you agree with the terms of service, click the Please read and acknowledge our terms of service check box and click Accept.
     
  3. Scroll down to Affected Products and, in the row for the operating system hosting ADFS, click Security Only or Security Update in the Download column.
     
  4. Click Download in the row that lists your operating system.
     
  5. Click the URL displayed in the Download window.
     
  6. Double-click the downloaded .msu file and follow the on-screen instructions to complete the installation of the security update.