Windows 2000 & Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, & Windows ME.

A security vulnerability results in the Windows 2000 & Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain & tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory & cause the system to fail, disrupting any work in progress on the system.

Affected Software:
Microsoft Windows 2000
Microsoft Windows XP

Patch availability:
Microsoft Windows 2000
Microsoft Windows XP 32-bit
Windows XP 64-bit