Title: Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Released: 12 June 2002
Revised: 02 July 2002 (Version 2.0)
Software: Windows NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP, Routing and Remote Access Server (RRAS)
Impact: Local Privilege Escalation
Max Risk: Critical
On June 12, 2002, Microsoft released the original version of this bulletin. On July 2, 2002, the bulletin was updated to reflect the availability of a revised patch. Although the original patch completely eliminated the vulnerability, it had the side effect of preventing non-administrative users from making VPN connections in some cases. The revised patch correctly handles VPN connections. The revised patch is immediately available from the Download Center and will be soon made available via WindowsUpdate.