The way this is being reported is very confusing. I'm not 100% sure of this, but I read it differently from either of your suggestions, as follows: MS06-025 was released on 6/13, and I don't believe the patch itself has been revised since then. What Microsoft has released are two updates to the information about this patch. First they announced that the patch will cause failures for certain customers (including the dialup issue you mention). As far as I can tell, they have not fixed these problems. Second, they announced that proof-of-concept code has been released targeting this vulnerability, and that their testing shows that the patch provides protection against this code. > -----Original Message----- > From: MSU Network Administrators Group > [mailto:[log in to unmask]] On Behalf Of Wheeler, Bill > Sent: Thursday, June 29, 2006 9:16 AM > To: [log in to unmask] > Subject: [MSUNAG] Microsoft Security Bulletin revision > > Hi, all-- > Is anyone else confused about Tuesday's revision of MS06-025 > (RRAS)? The info from Shavlik and a couple of other sources > indicates the revision fixed a major new vulnerability in > RRAS, for which an exploit already exists; the Microsoft page > (<http://www.microsoft.com/technet/security/bulletin/ms06-025. > mspx>) seems to indicate that the revision only addresses > side effects for dial-up users from the original bulletin > (http://support.microsoft.com/kb/911280). What's your take? > Thanks! > --Bill. > Bill Wheeler, Systems Administrator > Michigan State University Libraries > (517) 432-6123 x 234 > [log in to unmask] >