Microsoft corrects patch after admitting XP and Server 2003 error
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday
Microsoft has re-released a security update to protect Windows XP and Server 2003 users from fraudulent certificates.
After it issued a patch last week in the wake of the DigiNotar incident, Dave Forstrom, director of Microsoft Trustworthy Computing, said the update KB2616676 was being re-released for customers using Windows XP and Server 2003 to address an issue described in the update's 'known issues' section.
He said: “Customers who have enabled automatic updates are already protected and no further action is required, and others are recommended to download the cumulative version of the KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712."
Microsoft also said that before 19 September, the versions of update 2616676 for Windows XP and Server 2003 contained only the latest six digital certificates cross-signed by GTE and Entrust, and not the digital certificates that were included in update 2607712 or 2524375.
Update 2616676 also incorrectly preceded update 2607712, so if users installed it, having not already installed the latter or 2524375 before 19 September, they would not be protected from fraudulent digital certificates as described in 2607712.