Update for Windows 7 SP1, Vista SP2, XP SP3 Revokes All DigiNotar Root Certificates

KB 2607712 is available for all supported versions of Windows

By on September 7th, 2011 16:12 GMT

Microsoft reacted extremely rapidly to protect users of Internet Explorer against attacks leveraging fraudulent DigiNotar root certificates, and is now providing an update for all supported versions of Windows designed to revoke the trust of all DigiNotar root certificates.

Customers running Windows are advised to deploy KB 2607712 as fast as possible, and ensure that DigiNotar certificates are moved to the Microsoft Untrusted Certificate Store.

KB 2607712 is available for Windows 7 Service Pack 1 (SP1), Windows Vista SP2 and Windows XP SP3, as well as their server equivalents: Windows Server 2008 R2, Windows Server 2008 and Windows Server 2003 (links at the bottom of this article).

“Based on our investigation, we’ve deemed all DigiNotar certificates to be untrustworthy and have moved them to the Untrusted Certificate Store. Additionally, we have extended our support with this update so all customers using Windows XP, Windows Server 2003, and all Windows supported third-party applications are protected,” revealed Dave Forstrom, director, Trustworthy Computing.

Initially, the software giant had been able to protect only IE users running Windows 7 or Windows Vista, but protection has now been extended to all customers running supported releases of Windows client and Server platforms.

Here is a list with the DigiNotar root certificates which have been revoked: DigiNotar Root CA, DigiNotar Root CA G2, DigiNotar PKIoverheid CA Overheid, DigiNotar PKIoverheid CA Organisatie – G2 and DigiNotar PKIoverheid CA Overheid en Bedrijven.

Fraudulent DigiNotar certificates have already been abused by attackers in the wild. Windows users should deploy the update provided by Microsoft to ensure that they’re safe against spoofed content, phishing attacks, and man-in-the-middle attacks.
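To confirm on a given machine that the update has been applied and that the DigiNotar certificates really sit in the Untrusted Certificate Store, a check along the following lines can be run. This is an added example, not part of the original article or Microsoft's tooling; it assumes PowerShell 2.0 or later, looks only at the LocalMachine stores, and matching on the subject substring "DigiNotar" is this example's own choice.

```powershell
# Added example. Assumptions: PowerShell 2.0+, LocalMachine stores only,
# certificates identified by the substring "DigiNotar" in their subject.
$pattern = '*DigiNotar*'

function Get-DigiNotarCert {
    param([string]$StoreName)
    $path = "Cert:\LocalMachine\$StoreName"
    if (-not (Test-Path $path)) { return }
    Get-ChildItem $path | Where-Object { $_.Subject -like $pattern } |
        Select-Object @{n='Store';e={$StoreName}}, Subject, Thumbprint, NotAfter
}

# 1. Is the update recorded as installed? (Returns nothing if absent.)
$hotfix = Get-HotFix -Id 'KB2607712' -ErrorAction SilentlyContinue

# 2. Certificates explicitly distrusted. The "Untrusted Certificates" store
#    shown in certmgr.msc is named "Disallowed" in the Cert: provider.
$distrusted = @(Get-DigiNotarCert 'Disallowed')
$blocked    = @($distrusted | ForEach-Object { $_.Thumbprint })

# 3. DigiNotar certificates in stores that confer trust. A copy whose
#    thumbprint is also in Disallowed is already blocked, so report the rest.
$exposed = @(foreach ($s in 'Root', 'AuthRoot', 'CA') {
    Get-DigiNotarCert $s | Where-Object { $blocked -notcontains $_.Thumbprint }
})

"KB2607712 installed : {0}" -f [bool]$hotfix
"Distrusted entries  : {0}" -f $distrusted.Count
$distrusted | Format-Table Subject, Thumbprint -AutoSize | Out-String

if ($exposed.Count -gt 0) {
    Write-Warning "DigiNotar certificates present and NOT in Disallowed:"
    $exposed | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize | Out-String
} elseif ($distrusted.Count -eq 0) {
    Write-Warning "No DigiNotar entries in Disallowed; the update's effect is not visible."
} else {
    "No DigiNotar certificate is trusted outside the Disallowed store."
}
```

The store contents are what certificate chain validation consults, so treat steps 2 and 3 as the result that matters and the hotfix listing as supporting evidence.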

“Microsoft recognizes that this issue is an industry problem, and has been actively collaborating with certificate authorities, governments, and software vendors to help protect its mutual customers. Microsoft continues to investigate this issue,” Forstrom added.

Download the Update for Windows 7 (KB2607712) package now.

Download the Update for Windows 7 for x64-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 R2 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 R2 x64 Edition (KB2607712) package now.

Download the Update for Windows Vista (KB2607712) package now.

Download the Update for Windows Vista for x64-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 (KB2607712) package now.

Download the Update for Windows Server 2008 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 x64 Edition (KB2607712) package now.

Download the Update for Windows XP (KB2607712) package now.

Download the Update for Windows XP x64 Edition (KB2607712) package now.

Download the Update for Windows Server 2003 (KB2607712) package now.

Download the Update for Windows Server 2003 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2003 x64 Edition (KB2607712) package now.
