Recently, Microsoft uncovered a vulnerability that could reveal information pertaining to the service account used by ADFS. According to Microsoft, this vulnerability could allow an attacker to attempt logons from outside the corporate network, which could result in account lockout of the service account by ADFS if an account lockout policy has been configured.
Microsoft released a security update which it said would resolve this ADFS vulnerability. Today we learned that Microsoft has removed the updates pending a review before reposting them. They have not provided any additional comments.
Microsoft is aware of issues with the 2843638 and 2843639 updates affecting Active Directory Federation Services 2.0 that could cause AD FS to stop working. Microsoft has removed the updates from Windows Update and the Download Center and is investigating the issues. Microsoft will release new packages once the issues have been resolved.
We will keep you posted as we learn more about this Microsoft Update. If you have any questions or further knowledge, please post here. Thank you!