Following up on the rash of issues around the recent Patch Tuesday releases, Microsoft has updated the original bulletin (MS13-066) and provided an update (2843638) for the vulnerability in Active Directory Federation Services.
The update has been rereleased to remove the original requirement for RU3 rollup QFE (update 2790338) to be installed first. Installing the original 2843638 Patch Tuesday release without RU3 being installed, caused Active Directory Federation Services to just stop working.
Full information is provided in the updated bulletin: Microsoft Security Bulletin MS13-066 - Important
So far there's no additional information being provided on the 2859537 issues, but we're watching and will let you know when more is available.