
The patch is for a vulnerability in Routing and Remote Access (RRAS) that could allow remote code execution on Windows XP and Windows Server.
The cause of the bug is a remote code execution vulnerability in the Remote Access Connection Manager service that could allow an attacker to take complete control of the affected system.
However, Microsoft noted that users unaffected by the original release do not need to install the update.
Redmond was apparently concerned at the behaviour of some members of the security community around the time of the original patch release.
Exploit code for the RRAS flaw began appearing on the internet soon after the patch was published, which could be seen as a breach of the commonly accepted practice of withholding such information until the patch has had time to disseminate.
More information is available in Microsoft Security Bulletin MS06-025.