Microsoft reissues update for Win XP/2003 for DigiNotar certificate revocation


Microsoft had to reissue an update for users of Windows XP and Windows 2003 today related to the compromise of certificate authority DigiNotar.

It was not related to further hacking, though; it appears to be a quality assurance SNAFU at the software giant.

Microsoft has updated the known issues in security advisory 2607712 to refer to an updated advisory 2616766.

KB article 2616766 points out that the update shipped last week to remove the known compromised certificates from the trusted certificate list omitted the certificates known to have been in use in the wild.

Somehow Microsoft's Patch Tuesday update only removed additional certificates issued to DigiNotar by GTE and Entrust, but did not remove the original root certificates used to intercept communications in Iran.

Users of Windows XP and 2003 with automatic updating enabled will receive the updated patch automatically, but administrators who manually deploy patches using WSUS may be required to push update 2616676 a second time.

Even worse, the update requires users of XP and 2003 to reboot after applying the fixed update. Users of Windows 7, Vista, 2008 and 2008 R2 are unaffected.


7 Responses to Microsoft reissues update for Win XP/2003 for DigiNotar certificate revocation

  1. I received the re-update on the 15th (not today) through auto update. Just checked and no new updates for me (XP). What's up with that?

  2. At least they rectified it in an acceptable time frame, and it only affects dinosaurs using XP :)
    Sure it shouldn't have happened, but hey ho even the mighty Apple and Google make mistakes, no one is immune to human error.

    • Hey, XP is not a dinosaur. It has a usage of about 35%, about the same as Windows 7.

    • Nigel · 941 days ago

      "Even the mighty Apple..."??? What...as though Apple shouldn't be expected to make mistakes? As any long-time Mac user knows, Apple makes plenty of whoppers.

      Perfection is the province of the mythical gods. We mortals must live with entropy...much of which is of our own making.

  3. Brad C · 941 days ago

    "...administrators who manually deploy patches using WSUS may be required to push update 2616676 a second time."

    Where did you get this information? I couldn't find it in the articles.

  4. Alissa · 941 days ago

    I Didn't Receive Mine Yet ??

    • Check your untrusted certificate list. If you have 11 DigiNotar certificates, you are OK.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.