MS13-066: Vulnerability in Active Directory Federation Services could allow information disclosure: August 13, 2013

Article translations Article translations
Article ID: 2873872 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS13-066. To view the complete security bulletin, go to the following Microsoft website:

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information

Notes for computers running Windows Server 2012
  • Computers running Windows Server 2012 will be offered security updates 2843638 and 2843639. These packages are chain installed.
  • When the installation is complete, both updates 2843638 and 2843639 are listed in the list of installed updates.
  • Windows Update will not re-offer these security updates the previous versions are already installed.
Notes for computers running Windows Server 2008 R2 and Windows Server 2008
  • Computers running Windows Server 2008 R2 and Windows Server 2008 will only be offered security update 2843638. This package includes the security updates that are included in 2843638 and 2843639. Windows Update will not re-offer these security updates the previous versions are already installed.
  • When the installation is complete, only update 2843638 is listed in the list of installed updates.
  • A previous revision of this security update required that http://support.microsoft.com/kb/2790338 be applied to avoid functionality issues with security update 2843639. This dependency is no longer required for computers running Windows Server 2008 R2 and Windows Server 2008.
  • Windows Update will re-offer security update 2843638 if the previous version of the security update is already installed.

Known issues and additional information about this security update

  • Microsoft is aware of problems with the security updates described in MS13-066 that affect Active Directory Federation Services (ADFS) 2.0. The problems could cause ADFS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed.

    On August 19th 2013, Microsoft rereleased security update 2843638 to address this issue. Customers who already installed the original updates will be reoffered security update 2843638 and are encouraged to apply it at the earliest opportunity. Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates.
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2868846 MS13-066: Description of the security update for Active Directory Federation Services 1.x: August 13, 2013
    Note After you install this security update, you must edit the Clientlogon.aspx page to add the text "autocomplete=off" for the Username and Password text boxes to manually complete the installation.
  • 2843638 MS13-066: Description of the security update for Active Directory Federation Services 2.0: August 13, 2013


    Known issues in security update 2843638:
    • Microsoft Knowledge Base article 2843638 describes several issues that are resolved by hotfix 2896713. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
      2896713 Update is available to fix several issues after you install security update 2843638 on an AD FS server
  • 2843639 MS13-066: Description of the security update for Active Directory Federation Services 2.0: August 13, 2013


    Known issues in security update 2843639:
    • Knowledge Base article 2843639 describes several issues that are resolved by hotfix 2896713. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
      2896713 Update is available to fix several issues after you install security update 2843638 on an AD FS server
    Note After you install this security update, you must edit the FormsSignIn.aspx page to add the text "autocomplete=off" for the Username and Password text boxes to manually complete the installation.

FILE INFORMATION

File hash information

Collapse this imageExpand this image
assets folding start collapsed
Collapse this tableExpand this table
File nameSHA1 hashSHA256 hash
Windows6.0-KB2843638-v2-x64.msuD3A586BF02B5FC2808875EC68D4E14B860B117C402211F7C344B464C6C1C92A7006BD8DA5E5639C81958CF46F09A4ED525C8027A
Windows6.0-KB2843638-v2-x86.msuC813825E20E6E886BABC437A3D0CE0A5CC2DD5BE48AC254EB9FD5B429C9445736DD44497B4F5B601E9A69DA900DAE5D3573F06DC
Windows6.1-KB2843638-v2-x64.msuC4655030D421C21E4494E563B716D1235954725C3B24E04827818B86A2E5165EC590F1F46B662FD70D592A01588D8E3A8E5F4953
Windows8-RT-KB2843638-x64.msu65FFB163EE037D36B886A30E760BF88D7B9B58C837C6D712022EF49FEC81157BB2872E90E70E8CEA013FE7998AE3059989A80A02
Windows8-RT-KB2843639-x64.msuC152CAD72560AFB3E79F67A82F64C2506599C4C91BA79E41913894306F63D603BA4223DB6FA0A4F79B95EC86926F8A6C45B2420F
Windows6.0-KB2843639-x64.msu2C86E545DA59C459A2A006CE241F7A38DEB46E5C3C5223B6A189732B0EAA6685194810EC0F26A01EBEBE3139C6EA0B9C94011B90
Windows6.0-KB2843639-x86.msu6444E853E92A154CFBC991FDC68EFC71C5D3E16E45367251175F24370469362CF160A83D3460EB067A198C15051E06A4844567C8
Windows6.0-KB2868846-x64.msu0649EE6753F107310177CD1B253C2D8FB1E6E0D484B7EF75273FC98E257D32E78BDE583C7D60AEE13CD9CB97B2F27DD13FBC38BA
Windows6.0-KB2868846-x86.msuDEB32C23142910D606C3E34167A1E47BDD6382A4D31B15CAF04FF51A3744E0D93FBB7D6DF389093B8BB080465045981F7FD8CBB7
Windows6.1-KB2843639-x64.msu97599B5D021362506463273C4041226A090E58235D106038D1B5EB72632377D9E32E00E522F1147B319A1C2C6690ABDEC5FB9D18
Windows6.1-KB2868846-x64.msu4B8ADAD816C60809F37B212B52090B08844B23E24B3F06D2FEB7FBFEE4911A536371853A76EC69A0B307E54D5730754E9966004F
WindowsServer2003-KB2868846-x86-CHS.exe95EEF588979F2A135D74197CF6A83724084BB48E1B1DDC13F85A0AF04D94D547D6E717ECBE8D24C3A7606270C900D4117EEDB262
WindowsServer2003-KB2868846-x86-CHT.exe0BE9C094FD4D29F113071FCF5C5A5E8A67C3221CA4419A1282711F99209D6DC2B7920C3908782E5F6943DD8026BC1EA8163C6F17
WindowsServer2003-KB2868846-x86-CSY.exeE2DFC912637C97FC89AD84C578EA89F3C1D55AF2F96071696229C90AC48C6A3A2CB402DC17F6826FF1C33AE217F3FA040B6DE83B
WindowsServer2003-KB2868846-x86-DEU.exeA9B9B1157B04B5E9A627B7A98CFA8751F1F6E294ECBF5B35762034F3801A8DC81CB5BB91E544EB3A0462412ABC0835A9FF3C0964
WindowsServer2003-KB2868846-x86-ENU.exeD346335422493DD5FF731FDC6C84F94CDD5F1DBA81A78348D3C4A82FCCABB6C43C645A0BD10676D86C2E76456B7CBACA422FDFCD
WindowsServer2003-KB2868846-x86-ESN.exe9B974FB395BC4487C19CF6181C0B5D8004E8913B18E401AF4171B25E3C3DC9C906E68232B28D7B01B351452B8852295146E0562D
WindowsServer2003-KB2868846-x86-FRA.exe80435451766990544B54F2D2FF484F7782B027EE30C4061FCE8A5DE97B17A0306F665354072CE9CB17CC7AC40265AF3A1D6BACF2
WindowsServer2003-KB2868846-x86-HUN.exeB91BCB4F63FBCDB45B284A0A3563CFF19C72DAA7CE51D5530650F2171F38BABD7FA992E6110C0C5C296022BFC229A669013692D0
WindowsServer2003-KB2868846-x86-ITA.exeF7187B9B16F52BD40F837F798F576E631A8C22AD83EAD59D8AFF57F27695551665043298C3A9DA66F77423AF64D63A2A1A135E96
WindowsServer2003-KB2868846-x86-JPN.exe5B609F02F40DE558786D3607DA19922ABBF766856170609F9808DBDD50F9BD59AE0F3695D76C31196E293CE26FAAD65C001A1E88
WindowsServer2003-KB2868846-x86-KOR.exe7706F55A53F40BFE3900CF3F501DB8AFE018A012987491A123F6544ABD1EAF26D856523F698249339574ACABFD08F59BBE8B6FD5
WindowsServer2003-KB2868846-x86-NLD.exe6EADB2A052183EB73E64C25B29F04BB673174355852880C1DB58C3750FA059AE836991F6D7F64F1C708E1A56B09CD1594BF12B2E
WindowsServer2003-KB2868846-x86-PLK.exe037D82DC4F9717D544AA855F6AD29E8D5ABF3568639160A6E0FC0DC44BAB55AF14A649C3D3D29BAEB4FCE8441E9A747B878D94C6
WindowsServer2003-KB2868846-x86-PTB.exe3E01A0090C714AFA353BFE86F208B519A5C5E4D934F207BF3A535E83599B3FDA620B23B90C71678211CB98AC26B36A2197F6473F
WindowsServer2003-KB2868846-x86-PTG.exeB357EFCB2032924093B943CF6C4FB23F83AF98D42D3F9E8BF1EF4863277419A9E499DFDE857F6E4B5B315A224DA13343EE1CCFB1
WindowsServer2003-KB2868846-x86-RUS.exeB31FC8EBC674F266212140AC79C2785B7770517BF5D2102E95431A25D3ADF8552B7A4DFF864335D4FEA49EBADC440C02FF412D77
WindowsServer2003-KB2868846-x86-SVE.exe47A7E1601E9ACE9605314510974C9904250274383453855F909B8DDFF70B8D706575B5D4E9A732628E0F4E5E8ADFB3DFD9B8534A
WindowsServer2003-KB2868846-x86-TRK.exe03617877880564F726D7830895CFAA0AE5970D34E93F0BD730376BB0D0B230C79D303A4BE3ED74D98F1A461A64238C7BD11917F6
WindowsServer2003.WindowsXP-KB2868846-x64-CHS.exe07CF3A347257350C86B20C2A21F90CB15769839931D48EE607F73D7DDE16689644F4E6A8F0BD8BEAF81B775F2158FEAD273F57A2
WindowsServer2003.WindowsXP-KB2868846-x64-CHT.exeB2AEB2761358B5281FB640A0A3D358093F96F73089B85DE692222A7C8915773BC32247841CA4B2EC36113029EAA029963F207E60
WindowsServer2003.WindowsXP-KB2868846-x64-DEU.exeC15EC484FF4935C067B7EBC6241B2CD329D50D62808A43B690C511570D4BC1EC94CDEC6C1F30A1C6B8644037E1A7F67B63260711
WindowsServer2003.WindowsXP-KB2868846-x64-ENU.exe8DE25AA79AEA3D5B34F5BD74CF5605AD501EED4D3482FE13CFB748821C54BD77B4799BA9F84F1B959E0E7EA7571FDC083CF3EC9B
WindowsServer2003.WindowsXP-KB2868846-x64-ESN.exe809CD91ABDADA30553EAAFB563E3B42EBCFB318B52B249F0F67C580A4706D6318E52DFADA1C59B8EE17A8BD39CFD044E41135C56
WindowsServer2003.WindowsXP-KB2868846-x64-FRA.exeF05322670D9027BE40DEC980A01F5505C1F8B1D047088F0AAF9D4C123C6B66C7F67439E39B1B01D13319346231C53B321FCBB410
WindowsServer2003.WindowsXP-KB2868846-x64-ITA.exe5B4741C99CC685720AED070DBAD7E6AD2883A279F137D2203AFDDB7434CF506961A9C3D0AA4E45E20F9DF0600EE76ABD979A145A
WindowsServer2003.WindowsXP-KB2868846-x64-JPN.exe94F6FA934103C5EC0D3BE0339C8D8CD3B7BB1A35620BA8FE023816744902FEC6BE90340D7314473555351B9BCB7BF299AF72CAA1
WindowsServer2003.WindowsXP-KB2868846-x64-KOR.exe861A14C9F2409725565D56D13B2221E7B89C47D997AFA138A6E7A9882E8490EEDDA77C270A331F2B6DC24FF3DFD3CC97F773744C
WindowsServer2003.WindowsXP-KB2868846-x64-PTB.exe5827ADDBFAB253A1BC25E6F2FAC437C29EB753B3EDAE47112C668FC2AB8726C8077F559A1701E7509F873A6FDE0815B762B45D39
WindowsServer2003.WindowsXP-KB2868846-x64-RUS.exe763F64994DC3AB69453806C63D18D229B11630973C4D2DCEB674C698583E19324488F0401089516A54E9810BABEA7D6DD5EA7490
Collapse this imageExpand this image
assets folding end collapsed

Properties

Article ID: 2873872 - Last Review: November 20, 2013 - Revision: 5.0
Applies to
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Windows Server 2012 Standard
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2873872

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com