Flaw found in Microsoft security fix


Flaw found in Microsoft security fix

A patch that fixes a security flaw in the Windows Remote Access Service (RAS) has a bug that can stop users from making virtual private network (VPN) connections.

The original patch was released on 12 June to fix a flaw in the phone book of RAS, a standard part of Windows NT 4.0, Windows 2000 and Windows XP. But the software giant pulled this patch from the Windows Update service earlier this week.

Microsoft has now released a revised version the patch, advising customers who applied the first patch to apply the new one.

Users had complained about the original patch's side effects. In a posting to the NTBugtraq mailing list, one system administrator said that his users could "no longer connect to any VPN" after applying the patch.

Microsoft acknowledged the problem. In a revised bulletin, Microsoft said that while the original patch eliminated a vulnerability within RAS, it also "introduced a bug that could have the effect of requiring administrative privileges" to establish VPN connections. In other words, the RAS VPN service would not be available to ordinary users, just system administrators.

Microsoft has rated the issue "critical" and urged all users to apply the new patch. The security bulletin can be found at:

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy