Jump to content


Microsoft Security Advisory: Fraudulent digital certificates could all

  • Please log in to reply
No replies to this topic

#1 Terryala


    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 20 September 2011 - 03:46 AM

Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing
Article ID: 2616676 - Last Review: September 19, 2011 - Revision: 4.0

Known issues

We have finished the investigation into an issue with update 2616676 for all Windows XP-based and Windows Server 2003-based systems.

Before September 19, 2011, the versions of update 2616676 for Windows XP and for Windows Server 2003 contained only the latest six digital certificates cross-signed by GTE and Entrust. These versions of the update did not contain the digital certificates that were included in update 2607712 or 2524375. Update 2616676 also incorrectly proceeded update 2607712. Therefore, before September 19, 2011 if you installed updated 2616676 and had not already installed update 2607712 or update 2524375, your system would not have been protected from the use of fraudulent digital certificates as described in security advisory 2607712.

On September 19, 2011, we rereleased update 2616676 to address this issue. If you are running Windows XP or Windows Server 2003 and you have not applied updates 2524375, 2607712, and 2616676, you should install cumulative update 2616676.

Most systems have automatic updating enabled. If you do have automatic updating enabled, you do not have to take any action because the update 2616676 will be installed automatically if any certificates are missing from the Microsoft Untrusted Certificate Store. Update 2616676 will not be reoffered to systems that have updates 2524375, 2607712 and 26116676 already installed.

All releases of Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not affected by this issue.
A restart is required for all editions of Windows XP and of Windows Server 2003.