On April 12, 2005, Microsoft released MS05-019 to address several vulnerabilities in the IP implementation. One of the issues addressed was CVE CAN-2004-1060, a denial-of-service vulnerability in Path MTU Discovery. According to Microsoft, their patch:
“The update removes the vulnerability by restricting the minimum value of the MTU to 576 bytes. This update also modifies the way that the affected operating systems validate ICMP requests.”
It fails regression tests, and the following caveats have been identified. In particular, network connectivity between clients and servers may not work.
Connectivity may fail because the Path MTU Discovery is failing. When the upstream router tells the sender to send a smaller packet, the sender doesn’t.
It would be nice if they would identify what it is that they changed, rather than beating around the bush about it.
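
A small model of the 576-byte floor Microsoft describes, as an added example that is not Microsoft's code or part of the original post: it parses an ICMP "fragmentation needed" message (type 3, code 4, next-hop MTU field as in RFC 1191) and updates the sender's path MTU estimate. The function names and sample messages are constructed for illustration, and the checksum check is an assumption, since the bulletin does not say what the validation change is.

```python
import struct

MIN_PMTU = 576  # floor stated in Microsoft's description of the update


def icmp_checksum(data: bytes) -> int:
    """Internet checksum (one's complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frag_needed(next_hop_mtu: int) -> bytes:
    """Constructed sample: ICMP type 3 / code 4 quoting a dummy IP header."""
    quoted = b"\x45" + b"\x00" * 27  # placeholder for IP header + 8 bytes
    unsummed = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    csum = icmp_checksum(unsummed)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + quoted


def update_pmtu(current: int, icmp: bytes, floor: int = MIN_PMTU) -> int:
    """Return the sender's new path MTU estimate after one ICMP message."""
    if len(icmp) < 8:
        return current                 # too short to carry an MTU field
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (typ, code) != (3, 4):
        return current                 # not "fragmentation needed"
    if icmp_checksum(icmp) != 0:
        return current                 # corrupted message (assumed check)
    if mtu >= current:
        return current                 # PMTUD only lowers the estimate
    return max(mtu, floor)             # clamp: never go below the floor


if __name__ == "__main__":
    for advertised in (1400, 576, 296, 68):
        msg = build_frag_needed(advertised)
        print(advertised, "->", update_pmtu(1500, msg),
              "(no floor:", update_pmtu(1500, msg, floor=0), ")")
```

With the floor in place, a message advertising 68 bytes leaves the estimate at 576 instead of forcing tiny packets; the same clamp applies when the message is genuine, so the estimate then stays above what that hop reported.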