Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2.
Customers concerned with this scenario are advised to review the guidance described in the advisory to help protect themselves. We encourage customers to review our guidance and evaluate the risk and cost to their individual environments.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Director, Microsoft Trustworthy Computing