Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Microsoft revoking trust in Microsoft certificates - SA 2728973 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft revoking trust in Microsoft certificates - SA 2728973

Microsoft Security Advisory 2728973 announces that Microsoft is revoking trust in a number of Microsoft certificates. A list of 28 Microsoft intermediate certificates are placed on an untrusted list.

See:

The updat eis cumulative in that it also places previously problematic certificates in the untrusted store.

--
Swa Frantzen -- Section 66

Swa

760 Posts
Note that the update is not 100% cumulative for Windows XP/2003. Previous versions of the revocation update also included an update to crypt32.dll that "include[d] the functionality to remove trust of non-leaf certificates". So you need to install one of the previous revocation updates listed plus the one released on Tuesday. If you have already installed one of the previous ones, however, the new one is nice in that it no longer requires a reboot on XP/2003 since it is no longer updating a DLL. Also, the new one is considerably smaller for the same reason (158 KB vs 775 KB). Just make sure you leave one of the old ones in place in your build process in addition to the latest one.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!