Whats the risk to Windows workstations?
If it had a PPTP session underway already. When a Windows client has an active outbound PPTP session, its PPTP service also listens for and will accept incoming control data on the PPTP port, and as a result the vulnerability could be exploited. It’s worth noting, however, that the typical PPTP usage scenario could help mitigate these attacks. In contrast to servers, which usually occupy static, well-publicized IP addresses, workstations – especially traveling ones – tend to change their IP addresses frequently and therefore be more difficult to target.