Overview
Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties.
An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8. For these operating systems and devices, customers do not need to take any action as these systems and devices will be automatically protected.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action as these systems will be automatically protected.
For customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates, Microsoft recommends that the 2917500 update be applied immediately using update management software, by checking for updates using the Windows Update service. After you install this item, you may have to restart your computer.
This Update also available for download from Microsoft Download Center. The link in this section correspond to file available for this download. Click on the "Download" button to start the download.
Security Update for Windows XP and Windows Server 2003 (KB2917500)
Supported Operating System
- Windows XP with SP3
- Windows Server 2003
References
Microsoft Security Response Center
Microsoft Security Advisory (2916652)
Microsoft Support KB2917500
No comments:
Post a Comment