dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
14
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 edit
reply to Dustyn

Re: Microsoft untrusted certificate store update (Dec 31st)

Google is your friend (if you use GoogleSharing)

CTL = Certificate Trust List Overview (Windows)

PS: The Microsoft webpage is loading just fine for me in FF 17.0.1.
--
Don't feed trolls--it only makes them grow!


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
Reviews:
·Rogers Hi-Speed
After I got to that link I was able to read the information and refresh my memory as to what this whole issue is about.
Thank you. I was just really frustrated with Microsoft for providing such a terrible page: »support.microsoft.com/kb/2677070

said by Microsft.com :
An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This updater expands on the existing automatic root update mechanism technology that is found in Windows Vista and in Windows 7 to let certificates that are compromised or are untrusted in some way be specifically flagged as untrusted.

A certificate trust list (CTL) is a predefined list of items that are signed by a trusted entity. All the items in the list are authenticated and approved by a trusted signing entity. This update expands on this existing functionality by adding known untrusted certificates to the untrusted certificate store by using a CTL that contains either their public key or their signature hash. After this update is installed, customers benefit from quick automatic updates of untrusted certificates.

Users who have disconnected systems will not benefit from this feature improvement. These customers will still have to install the root certificate updates when they are made available. Please see the “More Information” section.

As part of this update, the URLs that are used for contacting Windows Update to download the untrusted and trusted CTLs were changed. This could cause problems for enterprises that hardcode these URLs in their firewalls as exceptions."
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

2 edits

1 recommendation

I not sure if CTL is useful for those that download Windows Updates often.

BTW if you use the links I originally posted you can install the update manually. Or you can wait until they're on WU. I did it manually on my Win7 x64 system.

FYI the update file is named rvkroots.exe. You can extract the files within with WinZip. It contains

  5/31/2012  15:54          91,136  ADVPACK.DLL
12/31/2012  15:59          83,067  disallowedcert.sst
 5/31/2012  15:39           1,549  rvkroots.inf
 6/01/2012  10:48           6,656  updroots.exe
 5/31/2012  15:55           2,272  W95INF16.DLL
 5/31/2012  15:55           4,608  W95INF32.DLL
 
--
Don't feed trolls--it only makes them grow!


bluepoint

join:2001-03-24

1 edit

1 recommendation

Click for full size
Event 4112
For vista to W8, the CTL update will not show in WU. It has an autoupdate mechanism on it's own provided kb2677070 was installed when it was released in June 12, 2012. To check if CTL was updated automatically, look in eventvwr windows log/applications for event 4112 Source: Cap12.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
Thanks that helps quite a bit!
I see those entries in Event Viewer.


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
reply to bluepoint
got it here

Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 3:50:01 PM.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
Reviews:
·Rogers Hi-Speed
said by Cartel:

got it here

Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 3:50:01 PM.

Ditto.