Microsoft had to reissue an update for users of Windows XP and Windows 2003 today related to the compromise of certificate authority DigiNotar.
It was not related to further hacking, though; it appears to be a quality assurance SNAFU at the software giant.
Microsoft has updated the known issues in security advisory 2607712 to refer to an updated advisory 2616766.
KB article 2616766 points out that the update shipped last week to remove the known compromised certificates from the trusted certificate list omitted the certificates known to have been in use in the wild.
Somehow Microsoft’s Patch Tuesday update only removed additional certificates issued to DigiNotar by GTE and Entrust, but did not remove the original root certificates used to intercept communications in Iran.
Users of Windows XP and 2003 with automatic updating enabled will receive the updated patch automatically, but administrators who manually deploy patches using WSUS may be required to push update 2616676 a second time.
Even worse, the update requires users of XP and 2003 to reboot after applying the fixed update. Users of Windows 7, Vista, 2008 and 2008 R2 are unaffected.
I received the re-update on the 15th (not today) through auto update. Just checked and no new updates for me (XP). What's up with that?
At least they rectified it in an acceptable time frame, and it only affects dinosaurs using XP 🙂
Sure it shouldn't have happened, but hey ho even the mighty Apple and Google make mistakes, no one is immune to human error.
Hey, XP is not a dinosaur. It has a usage of about 35%, about the same as Windows 7.
"Even the mighty Apple…"??? What…as though Apple shouldn't be expected to make mistakes? As any long-time Mac user knows, Apple makes plenty of whoppers.
Perfection is the province of the mythical gods. We mortals must live with entropy…much of which is of our own making.
"…administrators who manually deploy patches using WSUS may be required to push update 2616676 a second time."
Where did you get this information? I couldn't find it in the articles.
I didn't receive mine yet??
Check your untrusted certificate list. If you have 11 DigiNotar certificates, you are OK.
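The check suggested in the last comment can be scripted. The following is an added example, not part of the original article or its comments, and not Microsoft's own tooling. It assumes PowerShell is installed (an optional component on XP and 2003) and takes the expected count of 11 from the comment above rather than from Microsoft's advisory.

```powershell
# Added example: audit the local certificate stores for DigiNotar entries.
# "Disallowed" is the internal name of the "Untrusted Certificates" store.
function Get-DigiNotarCert {
    param([string[]]$StoreName)
    foreach ($location in 'LocalMachine', 'CurrentUser') {
        foreach ($name in $StoreName) {
            $path = "Cert:\$location\$name"
            if (-not (Test-Path $path)) { continue }
            Get-ChildItem $path |
                Where-Object { $_.Subject -match 'DigiNotar' -or $_.Issuer -match 'DigiNotar' } |
                Select-Object @{n='Store';e={"$location\$name"}}, Thumbprint, Subject, Issuer, NotAfter
        }
    }
}

# Assumption: expected count is the figure quoted in the comment above,
# not a value taken from Microsoft's advisory.
$expected = 11

# Certificates explicitly blocked on this machine, de-duplicated by thumbprint
# because the same certificate can appear in both store locations.
$blocked = @(Get-DigiNotarCert -StoreName 'Disallowed')
$blockedThumbs = @($blocked | Select-Object -ExpandProperty Thumbprint | Sort-Object -Unique)

# DigiNotar certificates in Root or CA that are not also blocked need review.
$stillTrusted = @(Get-DigiNotarCert -StoreName 'Root', 'CA' |
    Where-Object { $blockedThumbs -notcontains $_.Thumbprint })

"DigiNotar certificates in Untrusted Certificates: $($blockedThumbs.Count) (expected $expected)"
$blocked | Sort-Object Thumbprint -Unique | Format-Table Thumbprint, Subject -AutoSize

if ($blockedThumbs.Count -lt $expected) {
    Write-Warning 'Fewer blocked certificates than expected; the reissued update may not be installed.'
}
if ($stillTrusted.Count -gt 0) {
    Write-Warning 'DigiNotar certificates found in a trusted store and not blocked:'
    $stillTrusted | Format-Table Store, Thumbprint, Subject -AutoSize
}
```

On machines managed through WSUS, running this after deployment gives a per-host confirmation that the reissued update was actually applied, independent of what the update history reports.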