The original patch was released on 12 June to fix a flaw in the phone book of RAS, a standard part of Windows NT 4.0, Windows 2000 and Windows XP. But the software giant pulled this patch from the Windows Update service earlier this week.
Microsoft has now released a revised version the patch, advising customers who applied the first patch to apply the new one.
Users had complained about the original patch's side effects. In a posting to the NTBugtraq mailing list, one system administrator said that his users could "no longer connect to any VPN" after applying the patch.
Microsoft acknowledged the problem. In a revised bulletin, Microsoft said that while the original patch eliminated a vulnerability within RAS, it also "introduced a bug that could have the effect of requiring administrative privileges" to establish VPN connections. In other words, the RAS VPN service would not be available to ordinary users, just system administrators.
Microsoft has rated the issue "critical" and urged all users to apply the new patch. The security bulletin can be found at: