You guys really should subscribe to MS security announcements... ;-) http://www.microsoft.com/technet/security/bulletin/MS02-051.asp Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the books! ----- Original Message ----- From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 30, 2002 5:06 PM Subject: [isalist] Re: Microsoft PPTP VPN vulnerability http://www.ISAserver.org If you read it on the Internet, it must be true. The sky is falling! Seriously... it *might* be true. And this once again leads us to the never ending battle of "exploits in a lab environment" vs "exploits in the wild" and the responsibilities of both the reporting party and Microsoft. If the cat is truly out of the bag, you can be sure that some hack is already cranking out code for the script kiddies to download and play with. Otherwise, we wait for another sercurity bulletin and patch as needed. ----- Original Message ----- From: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 30, 2002 4:51 PM Subject: [isalist] Microsoft PPTP VPN vulnerability http://www.ISAserver.org Any validity to this? http://www.infoworld.com/articles/hn/xml/02/09/27/020927hnmsvpnflaw.xml http://zdnet.com.com/2100-1105-959659.html ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')