Microsoft reissues update for Win XP/2003 for DigiNotar certificate revocation


Microsoft Update on Windows XPMicrosoft had to reissue an update for users of Windows XP and Windows 2003 today related to the compromise of certificate authority DigiNotar.

It was not related to further hacking though, it appears to be a quality assurance SNAFU at the software giant.

Microsoft has updated the known issues in security advisory 2607712 to refer to an updated advisory 2616766.

KB article 2616766 points out that the update shipped last week to remove the known compromised certificates from the trusted certificate list omitted the certificates known to have been in use in the wild.

Somehow Microsoft’s Patch Tuesday update only removed additional certificates issued to DigiNotar by GTE and Entrust, but did not remove the original root certificates used to intercept communications in Iran.

Users of Windows XP and 2003 with automatic updating enabled will receive the updated patch automatically, but administrators who manually deploy patches using WSUS may be required to push update 2616676 a second time.

Even worse the update requires users of XP and 2003 to reboot after applying the fixed update. Users of Windows 7, Vista, 2008 and 2008 R2 are unaffected.