This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site that, due to the vulnerability, fails to properly sanitize script embedded in the URL. Once an attacker has successfully submitted specially crafted script to a target site, any webpage on that site that contains the specially crafted script is a potential vector for cross-site scripting attacks.