dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
94
share rss forum feed


bluepoint

join:2001-03-24
reply to EmoHobo

Re: Microsoft untrusted certificate store update (Dec 31st)

FAQ »technet.microsoft.com/en-us/secu···/2798897

"The customers that have the automatic updater of revoked certificates (Microsoft Knowledge Base Article 2677070) will not need to take any action because the CTL will be updated automatically."

»support.microsoft.com/kb/2677070



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

4 edits

said by bluepoint:

"The customers that have the automatic updater of revoked certificates (Microsoft Knowledge Base Article 2677070) will not need to take any action because the CTL will be updated automatically."

»support.microsoft.com/kb/2677070

The above link does not work for myself at the moment as it's taking far too long to display and locks up IE9.
EDIT: WTF? That page is INSANE! FAR TOO MUCH information has been posted. Browser freezes. Just how far down do I have to keep scrolling to get to the end of the page!?? It really should be broken down on separate pages. I was eventually able to load this page in Opera. IE9 came through after a few minutes... Terrible page.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

Google is your friend (if you use GoogleSharing)

CTL = Certificate Trust List Overview (Windows)

PS: The Microsoft webpage is loading just fine for me in FF 17.0.1.
--
Don't feed trolls--it only makes them grow!



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

After I got to that link I was able to read the information and refresh my memory as to what this whole issue is about.
Thank you. I was just really frustrated with Microsoft for providing such a terrible page: »support.microsoft.com/kb/2677070

said by Microsft.com :
An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This updater expands on the existing automatic root update mechanism technology that is found in Windows Vista and in Windows 7 to let certificates that are compromised or are untrusted in some way be specifically flagged as untrusted.

A certificate trust list (CTL) is a predefined list of items that are signed by a trusted entity. All the items in the list are authenticated and approved by a trusted signing entity. This update expands on this existing functionality by adding known untrusted certificates to the untrusted certificate store by using a CTL that contains either their public key or their signature hash. After this update is installed, customers benefit from quick automatic updates of untrusted certificates.

Users who have disconnected systems will not benefit from this feature improvement. These customers will still have to install the root certificate updates when they are made available. Please see the “More Information” section.

As part of this update, the URLs that are used for contacting Windows Update to download the untrusted and trusted CTLs were changed. This could cause problems for enterprises that hardcode these URLs in their firewalls as exceptions."
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 edits

1 recommendation

I not sure if CTL is useful for those that download Windows Updates often.

BTW if you use the links I originally posted you can install the update manually. Or you can wait until they're on WU. I did it manually on my Win7 x64 system.

FYI the update file is named rvkroots.exe. You can extract the files within with WinZip. It contains

  5/31/2012  15:54          91,136  ADVPACK.DLL
12/31/2012  15:59          83,067  disallowedcert.sst
 5/31/2012  15:39           1,549  rvkroots.inf
 6/01/2012  10:48           6,656  updroots.exe
 5/31/2012  15:55           2,272  W95INF16.DLL
 5/31/2012  15:55           4,608  W95INF32.DLL
 
--
Don't feed trolls--it only makes them grow!


bluepoint

join:2001-03-24

1 edit

1 recommendation

Click for full size
Event 4112
For vista to W8, the CTL update will not show in WU. It has an autoupdate mechanism on it's own provided kb2677070 was installed when it was released in June 12, 2012. To check if CTL was updated automatically, look in eventvwr windows log/applications for event 4112 Source: Cap12.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

Thanks that helps quite a bit!
I see those entries in Event Viewer.



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to bluepoint

said by bluepoint:

FAQ »technet.microsoft.com/en-us/secu···/2798897

"The customers that have the automatic updater of revoked certificates (Microsoft Knowledge Base Article 2677070) will not need to take any action because the CTL will be updated automatically."

»support.microsoft.com/kb/2677070

Thanks for note and links
said by StuartMW:

Google is your friend (if you use GoogleSharing)

CTL = Certificate Trust List Overview (Windows)

PS: The Microsoft webpage is loading just fine for me in FF 17.0.1.

Thanks for the links.


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
reply to bluepoint

got it here

Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 3:50:01 PM.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

said by Cartel:

got it here

Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 3:50:01 PM.

Ditto.