Press Release

Preempt Researchers Find Important Vulnerability Allowing Attackers to Launch External Brute-Force Attacks on AD FS Servers

Jul 09, 2019

SAN FRANCISCO – July 9, 2019 — Preempt, the leading provider of conditional access for real-time threat prevention, today announced its research team has discovered a Microsoft vulnerability in Active Directory Federation Services (AD FS) that could create a wide-scale denial-of-service against exposed organizations — and potentially could lead to identity compromise.

Microsoft released a patch to address the vulnerability for July 2019 Patch Tuesday. More information on the patch can be found on Microsoft’s security updates page. While Microsoft only released one patch, Preempt researchers believe they have actually found two vulnerabilities that allow attackers to launch brute-force attacks on AD FS servers from outside the network. All AD FS versions are vulnerable.

“If you currently have AD FS deployed, we recommend that you take action immediately,” said Preempt researcher Yaron Zinar. “Because AD FS is ubiquitous across all verticals and organizational sizes, we believe the impact of this vulnerability is far-reaching.”

For more details on this new vulnerability and how organizations can protect themselves, please visit Preempt’s security advisory blog.

Preempt customers may mitigate this AD FS weakness with capabilities such as detection of brute-force attacks and alerting of weak passwords within AD FS. In addition, Preempt provides an AD FS MFA plugin that helps prevent credential compromise.

The Preempt Research Lab team, with this discovery led by Zinar and Marina Simakov, have also found two other critical Microsoft vulnerabilities in June  that allowed attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. Simakov and Zinar will be presenting their vulnerability research from over the past month at Black Hat USA 2019 and DEF CON 27, both in Las Vegas in August.

About Preempt 

Preempt delivers a modern approach to authentication and securing identity in the enterprise. Using patented technology for Conditional Access, Preempt helps enterprises optimize identity hygiene and stop attacks in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior, and risk across all cloud and on-premises authentication & access platforms. This low friction approach empowers security teams more visibility & control over accounts and privileged access, while achieving compliance and auto-resolving incidents. Learn more: www.preempt.com.

For More Info:
Lynn Christiansen Esquer
lesquer@preempt.com
415-510-2675