Microsoft re-releases botched security update

Microsoft has re-released a security update for Windows XP and Server 2003 after it has realized that the initial one – released last Tuesday in order to add six more DigiNotar root certificates to its Windows Untrusted Certificate Store – did not revoke all the certificates it planned to.

This particular security update blocked only the latest six digital certificates cross-signed by GTE and Entrust, but did not contain the five DigiNotar root certificates that were blocked in two earlier updates.

The mix-up left users vulnerable to man-in-the-middle attacks for almost the entire week.

Microsoft advises users running Windows XP and Server 2003 to install this cumulative update. For those who have automatic updating enabled, the update will be downloaded and installed without their intervention.




Share this