MS05-019 Breaks VPN
From: Darryl J Roberts (DarrylJR_at_SEU.COM)
Date: Tue, 19 Apr 2005 18:11:19 -0700 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
After installing the update in Microsoft Security Bulletin MS05-019 on
two servers at a customer site, we are no longer able to connect via VPN
to terminal services on those servers. (Other servers that did not have
the security bulletins from last Tuesday installed can connect via VPN.)
After many hours over two days working with Microsoft Product Support
Services, we discovered that forcing the MTU size down allowed the
client to connect to terminal services. Today Microsoft PSS reported
the they have confirmed that there is a problem with ICMP messages being
incorrectly discarded (other have opened PSS cases about this issue).
This could be why the MTU size is not being set correctly.
There will be an update to the patch in MS05-019, but as of this time,
that update is not available. A Microsoft KB article is being written
and has been assigned the number KB898060, but as to this time, that
article is not publicly available.
I will be uninstalling the update for Security Bulletin MS05-019 from
our customers servers this evening and waiting for the corrected patch
before reinstalling it.
-- Darryl J. Roberts, MCSE, MCP+I, CompTIA CTT+, CSSA Software Engineering Unlimited, IT Professional Services Consultancy Ventura, CA, USA -- NTBugtraq Editor's Note: Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered. --