-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0106 Title: Microsoft has released Security Advisory 2743314 - Unencapsulated MS-CHAP v2 Could Allow Information Disclosure [1] Version history: 21.08.2012 Initial publication Summary ======= Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.[2] Affected Systems ============== Only VPN solutions that rely on PPTP in combination with MS-CHAP v2 as the sole authentication method are vulnerable to this issue. [2] What can you do? ================ Review Microsoft Security Advisory 2743314 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ), and links to additional resources. [2] Customers who believe they are affected can contact Customer Service and Support. [3] What to tell your users? =================== N/A More information ================ [1] http://blogs.technet.com/b/msrc/ [2] http://technet.microsoft.com/en-us/security/advisory/2743314 [3] http://www.microsoft.com/protect/support/default.mspx. Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information in this Security Advisory and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative. Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQM2OsAAoJEPpzpNLI8SVo7uoP/RaHKR/W4aOokekwLhJcVxyi hJZ6yfyUptABf8vhsagYZbhr1wLHw3Hb3qzyMqFhelmJdjtGA9HrXgoz9sEB/WVl rEOS8fU4qLMVFHmw6+EpIpx1Ph4eVK6r9ewb+D8T55GgS/luJGjXbuW3paFhJOF5 BMojN96LQwnw1oCx0SlQnoUOU4yBCeoVjaGr29zZ3V1xr6FOsZJNTatBHBQKMtLC x2xw5CLUAhUE18Gt8QRpHOjeEGpmzpF9YpAsHXUrHHBMD9dPkp66yB8ZVHr5EDi/ 2Xb0lqHSx7J3h/OGC9ASL4b2xU8nuqG51U4dpXlf1jOogOJzesjtDNTCRRWCrXJM qD2Affk/lJ5gwUA/tyg0P4UiJE13NVvBBAHnHWFyoEOB5e/QZDLEG0KGWKrltpar QPqX0FfTEeTRrfl35sNO82YEiodOpLyN2UZ46kVowST6AEmXkHPqZeo42ogLBjS8 mg1Xba44W0WNpTrcZUwFp/vXyB65DPohgYww4018/1dlE/6fZ7EUksVM4mGKjqQ5 NOfDZDfX6K8HU6aCmydRnzfgZQDVblDmHn7q+6INB60RibOi0Ex2hs0SnRiCvH1O ZIa+HFIEF454Ot4ozzsMSN1QTXSRgkg0cEPIvHLITeksZtH/xjsiHYztJveMYClk /HKUgd76bGxYkRO93x5B =O4fL -----END PGP SIGNATURE-----