Microsoft has re-released a borked security update to protect Windows XP and Server 2003 users from fraudulent certificates.
Update 2616676 for Windows XP and Server 2003 prior to 19 September missed digital certificates included in update 2607712 or 2524375, but contained the latest six digital certificates cross-signed by GTE and Entrust.
The update also incorrectly preceded update 2607712, meaning users would not be protected from fraudulent digital certificates in 2607712, if they installed 2616676 but not 2524375 before 19 September.
After it issued a patch last week in the wake of the hacking attack against certificate authority DigiNotar, Dave Forstrom, director of Microsoft Trustworthy Computing, said the update KB2616676 was re-released for Windows XP and Server 2003 to address the faults.
“Customers who have enabled automatic updates are already protected and no further action is required, and others are recommended to download the cumulative version of the KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712."