Broadband Tech > Security > Security > Microsoft untrusted certificate store update (Dec 31st)

Microsoft untrusted certificate store update (Dec 31st)

quote:

---

Install this update to resolve an issue which requires an update to the untrusted certificate store on Windows systems and to keep your systems up to date. After you install this update, you may have to restart your system.

---

Hmm, Microsoft seems to have pulled all of the above.

They're up again.
--
Don't feed trolls--it only makes them grow!

Microsoft is a mess.

With the ugly Ribbon for Office and now Windows 8, seems like they're going down the drain slowly.

blowing that money on skype didn't help

reply to StuartMW
Keep the links posted anyways, who knows, they could come back up. I wonder if they slipped through Windows Update during the brief time they were available...

I found it on my WSUS server and it did install on a few Win 7 client machines. The SBS server has it ready to install but I'm declining it until I learn why they pulled it.

Now I wonder why they pulled it. I'd have loved to have read the support notes about it.

reply to Dustyn

I noticed this evening that the update is now in the Declined list on a WSUS server and the update no longer shows as installed when I look in the "Installed Updates" list on a 2008 Server box and some Win 7 machines that I know accepted and installed the update. It does show in the update history though on all the machines I know it installed on. I guess they reversed it in WSUS and told it to uninstall and then set the update too declined.
I could allow it again but it says removal is not allowed so I don't plan on allowing it.
This update was a weird one.

I wonder if it had anything to do with KB2794220?
They only have a temp fix for that one at this time. The real fix is to use a 3rd party browser I think!

reply to StuartMW
Bump.

Updates are back. Downloaded them for WinXP and Win7. Links above are good.

FYI packages were digitally signed ‎Monday, ‎December ‎31, ‎2012 17:08:52 so no changes seem to have been made from my initial post (My post was at 14:00:26 PST).
--
Don't feed trolls--it only makes them grow!

reply to StuartMW
I just got this and was a little surprised since it didn't require a restart, can someone explain what this update was as it seems pretty serious but I don't quite get it and I've never seen an update like this before.

All the update does it change the registry entries for Root Certificates that have been revoked (because they've been stolen, mis-used etc). No actual software (patch) is installed.
--
Don't feed trolls--it only makes them grow!

Is this a regular thing or did something big happen within Microsoft?

Not sure what your question is?

This kind of update is not common. Microsoft doesn't often pull updates and the reissue them but it is not unheard of.
--
Don't feed trolls--it only makes them grow!

No real question just curious about the update and further more about it being pulled.

FAQ »technet.microsoft.com/en-us/secu···/2798897

"The customers that have the automatic updater of revoked certificates (Microsoft Knowledge Base Article 2677070) will not need to take any action because the CTL will be updated automatically."

»support.microsoft.com/kb/2677070

reply to StuartMW
I got this update in my XP SP3 machines so far. Nothing in my 64-bit W7 and Vista HPE SP2.

reply to bluepoint

Google is your friend (if you use GoogleSharing)

CTL = Certificate Trust List Overview (Windows)

PS: The Microsoft webpage is loading just fine for me in FF 17.0.1.
--
Don't feed trolls--it only makes them grow!

After I got to that link I was able to read the information and refresh my memory as to what this whole issue is about.
Thank you. I was just really frustrated with Microsoft for providing such a terrible page: »support.microsoft.com/kb/2677070

said by Microsft.com :

---

An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This updater expands on the existing automatic root update mechanism technology that is found in Windows Vista and in Windows 7 to let certificates that are compromised or are untrusted in some way be specifically flagged as untrusted.

A certificate trust list (CTL) is a predefined list of items that are signed by a trusted entity. All the items in the list are authenticated and approved by a trusted signing entity. This update expands on this existing functionality by adding known untrusted certificates to the untrusted certificate store by using a CTL that contains either their public key or their signature hash. After this update is installed, customers benefit from quick automatic updates of untrusted certificates.

Users who have disconnected systems will not benefit from this feature improvement. These customers will still have to install the root certificate updates when they are made available. Please see the “More Information” section.

As part of this update, the URLs that are used for contacting Windows Update to download the untrusted and trusted CTLs were changed. This could cause problems for enterprises that hardcode these URLs in their firewalls as exceptions."

---