On 13 June 2006 Microsoft released security update MS06-025 for Routing and
Remote Access, titled "Vulnerability in Routing and Remote Access Could Allow
Remote Code Execution (911280)", to fix a known issue. The issue affects most
versions of Windows and Microsoft has released updates accordingly.

Mitigating factors: A key mitigating factor of the vulnerability for Windows
XP SP2 and Server 2003 is that an attacker has to authenticate before the
vulnerability can be exploited, whereas previous versions of Windows are
susceptible to anonymous attack. As VPN-Q 2006 requires Windows XP SP2 and
Server 2003 SP1, this mitigating factor applies to all installations of VPN-Q
2006.

Ratings: Microsoft has rated this update as
Critical, and it should be deployed as soon as possible. Where VPN-Q 2006 is
used, Winfrasoft recommends a rating of Moderate, as the mitigating
factors drastically limit the scope for attack. You should deploy this update as
part of your standard security update cycle via WSUS or another deployment method.
Before installing the update, thorough testing is recommended to ensure that the
update does not affect connectivity in your environment. This update has been
tested by Winfrasoft in conjunction with VPN-Q 2006.

More information: Further information about the update is available on
the Microsoft web site at
http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx

This situation is a good example of why Winfrasoft selected Windows XP SP2 as
a minimum requirement. This is not the first time that SP2 has severely limited
the scope of a vulnerability due to better core platform security, and it won't
be the last.