December 2009 Security Bulletin has an IAS Update

Yesterday Microsoft released six security updates and there is one in particular that is very important for VPN scenarios that uses IAS for RADIUS authentication. MS09-071 describes that Servers using IAS are only affected when configured to use PEAP with MS-CHAP v2 authentication (described in CVE-2009-3677). The vulnerability happens due an incorrect way to copy into memory messages received by the server when handling PEAP authentication attempts. This vulnerability is classified as critical. More information about December 2009 Security bulletin read the MSRC Blog: