Issue:
Windows 2000 & Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, & Windows ME.

A security vulnerability results in the Windows 2000 & Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain & tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory & cause the system to fail, disrupting any work in progress on the system.

Affected Software:
Microsoft Windows 2000
Microsoft Windows XP

Patch availability:
[URL=http://www.microsoft.com/downloads/Release.asp?ReleaseID=43606]Microsoft Windows 2000[/URL]
[URL=http://www.microsoft.com/downloads/Release.asp?ReleaseID=43635]Microsoft Windows XP 32-bit[/URL]
[URL=http://www.microsoft.com/downloads/Release.asp?ReleaseID=43631]Windows XP 64-bit[/URL]
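
The "unchecked buffer" class of bug described under Issue is prevented by validating every length before copying PPTP control data. The following is an added example, not Microsoft's code and not part of the original post; the bulletin does not say which field was unchecked, so it shows the general check on the RFC 2637 control message header. The function names, the 256-byte cap and the sample messages are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header layout per RFC 2637: Length(2) MsgType(2) MagicCookie(4) CtrlType(2) Reserved0(2) */
#define PPTP_MAGIC    0x1A2B3C4Du
#define PPTP_CTRL_MIN 12u   /* smallest possible control message: the header above */
#define PPTP_CTRL_MAX 256u  /* assumed receive-buffer cap chosen for this example */

enum pptp_status { PPTP_OK, PPTP_TRUNCATED, PPTP_BAD_LENGTH, PPTP_BAD_TYPE, PPTP_BAD_MAGIC };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Copy one control message from the wire into out only after every length is proven safe. */
enum pptp_status pptp_copy_ctrl(const uint8_t *buf, size_t avail,
                                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (avail < PPTP_CTRL_MIN) return PPTP_TRUNCATED;       /* header not fully received */
    size_t len = be16(buf);                                 /* sender-controlled field */
    if (len < PPTP_CTRL_MIN || len > PPTP_CTRL_MAX || len > out_cap)
        return PPTP_BAD_LENGTH;                             /* would under/overrun out */
    if (len > avail) return PPTP_TRUNCATED;                 /* claims more than was sent */
    if (be16(buf + 2) != 1) return PPTP_BAD_TYPE;           /* 1 = control message */
    if (be32(buf + 4) != PPTP_MAGIC) return PPTP_BAD_MAGIC;
    memcpy(out, buf, len);
    *out_len = len;
    return PPTP_OK;
}

/* Constructed samples: a 16-byte Echo-Request and three copies with a tampered Length. */
static const uint8_t ECHO_OK[16]   = {0x00,0x10, 0,1, 0x1A,0x2B,0x3C,0x4D, 0,5, 0,0, 0,0,0,1};
static const uint8_t LEN_HUGE[16]  = {0xFF,0xFF, 0,1, 0x1A,0x2B,0x3C,0x4D, 0,5, 0,0, 0,0,0,1};
static const uint8_t LEN_SHORT[16] = {0x00,0x04, 0,1, 0x1A,0x2B,0x3C,0x4D, 0,5, 0,0, 0,0,0,1};
static const uint8_t LEN_LIES[16]  = {0x00,0x9C, 0,1, 0x1A,0x2B,0x3C,0x4D, 0,5, 0,0, 0,0,0,1};

enum pptp_status check_sample(const uint8_t *msg, size_t n)
{
    uint8_t out[PPTP_CTRL_MAX];
    size_t out_len = 0;
    return pptp_copy_ctrl(msg, n, out, sizeof out, &out_len);
}

int main(void)
{
    printf("%d %d %d %d\n", check_sample(ECHO_OK, 16), check_sample(LEN_HUGE, 16),
           check_sample(LEN_SHORT, 16), check_sample(LEN_LIES, 16));
    return 0;
}
```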