Microsoft has re-released a borked security update to protect Windows XP and Server 2003 users from fraudulent certificates.
Update 2616676 for Windows XP and Server 2003 prior to 19 September missed digital certificates included in update 2607712 or 2524375, but contained the latest six digital certificates cross-signed by GTE and Entrust.
The update also incorrectly preceded update 2607712, meaning users would not be protected from fraudulent digital certificates in 2607712, if they installed 2616676 but not 2524375 before 19 September.
After it issued a patch last week in the wake of the hacking attack against certificate authority DigiNotar, Dave Forstrom, director of Microsoft Trustworthy Computing, said the update KB2616676 was re-released for Windows XP and Server 2003 to address the faults.
“Customers who have enabled automatic updates are already protected and no further action is required, and others are recommended to download the cumulative version of the KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712."
This article originally appeared at scmagazineuk.com
Copyright © SC Magazine, US edition
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.