Microsoft re-releases Windows XP/2003 update for DigiNotar debacle
Microsoft has had to re-release its update for Windows XP and Server 2003 as the original update did not revoke all of the fraudulent digital certificates related to the DigiNotar debacle. The company says that the previous update only revoked the latest six digital certificates issued to DigiNotar by GTE and Entrust, and didn't remove the original certificates. The new update now correctly revokes the trust of all of the root certificates for DigiNotar Root CA and DigiNotar PKIoverheid by putting them into its Untrusted Certificate Store.
The company has updated its original security advisory (2607712) to link to a revised advisory (2616766) that details the issue and has links to the updated patch. Users running Windows XP and 2003 who have automatic updating enabled should receive the new version of the patch automatically. Alternatively, users can manually install the patch.
- Telecommunications regulator bars DigiNotar from issuing certificates, a report from The H.
- DigiNotar breach due to disastrous security, a report from The H.
- Dutch government takes control of DigiNotar CA, a report from The H.