The way this is being reported is very confusing. I'm not 100% sure of
this, but I read it differently from either of your suggestions, as follows:
MS06-025 was released on 6/13, and I don't believe the patch itself has been
revised since then. What Microsoft has released are two updates to the
information about this patch. First they announced that the patch will cause
failures for certain customers (including the dialup issue you mention). As
far as I can tell, they have not fixed these problems. Second, they
announced that proof-of-concept code has been released targeting this
vulnerability, and that their testing shows that the patch provides
protection against this code.
> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of Wheeler, Bill
> Sent: Thursday, June 29, 2006 9:16 AM
> To: [log in to unmask]
> Subject: [MSUNAG] Microsoft Security Bulletin revision
>
> Hi, all--
> Is anyone else confused about Tuesday's revision of MS06-025
> (RRAS)? The info from Shavlik and a couple of other sources
> indicates the revision fixed a major new vulnerability in
> RRAS, for which an exploit already exists; the Microsoft page
> (<http://www.microsoft.com/technet/security/bulletin/ms06-025.
> mspx>) seems to indicate that the revision only addresses
> side effects for dial-up users from the original bulletin
> (http://support.microsoft.com/kb/911280). What's your take?
> Thanks!
> --Bill.
> Bill Wheeler, Systems Administrator
> Michigan State University Libraries
> (517) 432-6123 x 234
> [log in to unmask]
>
|