|
to StuartMW
Re: Microsoft untrusted certificate store update (Dec 31st)Is this a regular thing or did something big happen within Microsoft? |
|
|
StuartMW
Premium Member
2013-Jan-3 2:34 pm
Not sure what your question is?
This kind of update is not common. Microsoft doesn't often pull updates and the reissue them but it is not unheard of. |
|
|
|
No real question just curious about the update and further more about it being pulled. |
|
|
|
FAQ » technet.microsoft.com/en ··· /2798897"The customers that have the automatic updater of revoked certificates (Microsoft Knowledge Base Article 2677070) will not need to take any action because the CTL will be updated automatically." » support.microsoft.com/kb/2677070 |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN ·Carry Telecom ·TekSavvy Cable Asus GT-AX11000 Technicolor TC4400
4 edits |
Dustyn
Premium Member
2013-Jan-3 5:16 pm
said by bluepoint:"The customers that have the automatic updater of revoked certificates (Microsoft Knowledge Base Article 2677070) will not need to take any action because the CTL will be updated automatically."
»support.microsoft.com/kb/2677070 The above link does not work for myself at the moment as it's taking far too long to display and locks up IE9. EDIT: WTF? That page is INSANE! FAR TOO MUCH information has been posted. Browser freezes. Just how far down do I have to keep scrolling to get to the end of the page!?? It really should be broken down on separate pages. I was eventually able to load this page in Opera. IE9 came through after a few minutes... Terrible page. |
|
1 edit |
StuartMW
Premium Member
2013-Jan-3 5:28 pm
Google is your friend (if you use GoogleSharing) CTL = Certificate Trust List Overview (Windows)PS: The Microsoft webpage is loading just fine for me in FF 17.0.1. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN ·Carry Telecom ·TekSavvy Cable Asus GT-AX11000 Technicolor TC4400
|
Dustyn
Premium Member
2013-Jan-3 5:36 pm
After I got to that link I was able to read the information and refresh my memory as to what this whole issue is about. Thank you. I was just really frustrated with Microsoft for providing such a terrible page: » support.microsoft.com/kb/2677070said by Microsft.com : An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This updater expands on the existing automatic root update mechanism technology that is found in Windows Vista and in Windows 7 to let certificates that are compromised or are untrusted in some way be specifically flagged as untrusted.
A certificate trust list (CTL) is a predefined list of items that are signed by a trusted entity. All the items in the list are authenticated and approved by a trusted signing entity. This update expands on this existing functionality by adding known untrusted certificates to the untrusted certificate store by using a CTL that contains either their public key or their signature hash. After this update is installed, customers benefit from quick automatic updates of untrusted certificates.
Users who have disconnected systems will not benefit from this feature improvement. These customers will still have to install the root certificate updates when they are made available. Please see the More Information section.
As part of this update, the URLs that are used for contacting Windows Update to download the untrusted and trusted CTLs were changed. This could cause problems for enterprises that hardcode these URLs in their firewalls as exceptions."
|
|
2 edits
1 recommendation |
StuartMW
Premium Member
2013-Jan-3 5:41 pm
I not sure if CTL is useful for those that download Windows Updates often. BTW if you use the links I originally posted you can install the update manually. Or you can wait until they're on WU. I did it manually on my Win7 x64 system. FYI the update file is named rvkroots.exe. You can extract the files within with WinZip. It contains 5/31/2012 15:54 91,136 ADVPACK.DLL
12/31/2012 15:59 83,067 disallowedcert.sst
5/31/2012 15:39 1,549 rvkroots.inf
6/01/2012 10:48 6,656 updroots.exe
5/31/2012 15:55 2,272 W95INF16.DLL
5/31/2012 15:55 4,608 W95INF32.DLL
|
|
1 edit
1 recommendation |
Event 4112 |
For vista to W8, the CTL update will not show in WU. It has an autoupdate mechanism on it's own provided kb2677070 was installed when it was released in June 12, 2012. To check if CTL was updated automatically, look in eventvwr windows log/applications for event 4112 Source: Cap12. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN |
Dustyn
Premium Member
2013-Jan-3 6:13 pm
Thanks that helps quite a bit! I see those entries in Event Viewer. |
|
|
to bluepoint
Thanks for note and links Thanks for the links. |
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC |
to bluepoint
got it here
Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 3:50:01 PM. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN ·Carry Telecom ·TekSavvy Cable Asus GT-AX11000 Technicolor TC4400
|
Dustyn
Premium Member
2013-Jan-4 11:02 pm
said by Cartel:got it here
Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 3:50:01 PM. Ditto. |
|