To exploit this vulnerability, an attacker requires network access to one of several TCP or UDP ports that are typically blocked at the network perimeter. Additionally, on Windows XP SP2 and Windows Server 2003, attackers require valid user credentials to successfully connect and send messages to the Routing and Remote Access service.
Another possible exploit vector involves malicious software sent through e-mail or other messaging. An exploit via this vector could allow the malicious software root access, even when executed by a user with limited privileges. In this case, however, the attacker requires user interaction for successful exploitation.
The update available from Microsoft corrects this vulnerability by adding checks that validate RPC requests to the Routing and Remote Access service.
Customers installing this update are experiencing some problems as detailed in knowledge base article 911280. An issue has been confirmed by Microsoft that involves dial-up connections that use a terminal window or dial-up scripting. If dial-up scripting is used in a connection, the connection may fail to respond. This is likely to affect direct-dial connections to a corporate network, a university network, or to certain ISPs.
Administrators are advised to install the updated patches, which resolve the issues users may be experiencing as detailed in knowledge base article 911280.