News

Flaw found in Microsoft security fix

A patch that fixes a security flaw in the Windows Remote Access Service (RAS) has a bug that can stop users from making virtual private network (VPN) connections.

The original patch was released on 12 June to fix a flaw in the phone book of RAS, a standard part of Windows NT 4.0, Windows 2000 and Windows XP. But the software giant pulled this patch from the Windows Update service earlier this week.

Microsoft has now released a revised version the patch, advising customers who applied the first patch to apply the new one.

Users had complained about the original patch's side effects. In a posting to the NTBugtraq mailing list, one system administrator said that his users could "no longer connect to any VPN" after applying the patch.

Microsoft acknowledged the problem. In a revised bulletin, Microsoft said that while the original patch eliminated a vulnerability within RAS, it also "introduced a bug that could have the effect of requiring administrative privileges" to establish VPN connections. In other words, the RAS VPN service would not be available to ordinary users, just system administrators.

Microsoft has rated the issue "critical" and urged all users to apply the new patch. The security bulletin can be found at:
www.microsoft.com/technet/security/bulletin/MS02-029.asp

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy