Question about update KB2607712 and fraudulent certificates

Discussion in 'other security issues & news' started by Syonisus, Oct 9, 2011.

Thread Status:
Not open for further replies.
  1. Syonisus

    Syonisus, Registered Member (joined Feb 17, 2010; posts: 3)

    Let's say I update XP, including update KB2607712, and AFTER doing so I install update KB931125 June 2011. Will KB931125 re-add those fraudulent certificates from DigiNotar, or do I absolutely need to install KB931125 BEFORE KB2607712?
     
  2. FanJ

    FanJ, Updates Team (joined Feb 9, 2002; posts: 2,564)

    Hi,

    First, if you would allow me (as I am just curious), do you have any particular reason for asking your question?

    You said "update KB931125 June 2011".
    But I wonder whether that date is right.
    The following page is telling me that it was last updated on 3/21/2011, which is 21 March 2011:
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=6149
    Hmm, that page is giving a link to the following page (last updated on 5 Sept 2011):
    http://support.microsoft.com/kb/931125/en-us
    Hmmm, looks a little bit confusing all those dates, in particular when you look at the following page (last updated on 19 Sept 2011):
    http://support.microsoft.com/kb/2616676/en-us

    At first look it seems to me that some Microsoft pages might need an update....

    So, my advice would be (on XP):
    If you have first installed KB2607712 and then KB931125, by all means do follow the instructions on the following page (since it is dated on 19 Sept 2011):
    http://support.microsoft.com/kb/2616676/en-us

    PS: as for the DigiNotar certs, you can have a look at them; they should be "untrusted". Since I use the Dutch version of XP, it is a bit difficult for me to give the exact explanation how to do that on an English version, sorry.
     
  3. Syonisus

    Thanks for the reply! I can't check right now since I'm not on XP, but I plan on installing it soon and wanted to know beforehand. I used XP about 1 or 2 weeks ago, and when you actually update XP the most current KB931125 (the only one after installing SP3) is dated June 2011.

    As for KB2607712, I guess I remembered it wrong, it probably was KB2616676, but still, does installing KB2616676 and then KB931125 re-add those certificates and negate the KB2616676 update?

    The reason is I obviously don't want those certificates to be added again; it would be really weird to have a security update rendered useless because another security update re-adds the security risk.
     
  4. FanJ

    Hi,

    As I posted, I would strongly suggest following the advice in:
    http://support.microsoft.com/kb/2616676/en-us

    You can always install KB931125 and then check whether the DigiNotar certs are untrusted if you like (as I said, it is difficult for me to explain how to on English XP).
    If the DigiNotar certs are not untrusted, you should get an automatic update from Windows!
    If you want to be absolutely certain, then follow again the instructions on:
    http://support.microsoft.com/kb/2616676/en-us
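
The posts above suggest checking that the DigiNotar certificates are listed as untrusted after installing KB931125, without giving the steps. The following PowerShell script is an added example (not part of the thread and not Microsoft's procedure) that lists DigiNotar certificates per store and reports any that sit outside "Untrusted Certificates". It assumes PowerShell is available (it is not installed by default on XP) and that matching the name "DigiNotar" is sufficient; the variable names are this example's own.

```powershell
# Added example, not from the thread. Assumption: matching the name "DigiNotar"
# in Subject/Issuer finds the relevant certificates; KB2616676 has the exact list.
$pattern   = 'DigiNotar'
$locations = 'LocalMachine', 'CurrentUser'
$stores    = 'Disallowed', 'Root', 'AuthRoot', 'CA'   # Disallowed = "Untrusted Certificates"

# Collect every matching certificate together with the store it was found in.
$found = @(foreach ($location in $locations) {
    foreach ($store in $stores) {
        $path = "Cert:\$location\$store"
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem $path |
            Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Location   = $location
                    Store      = $store
                    Thumbprint = $_.Thumbprint
                    Subject    = $_.Subject
                    NotAfter   = $_.NotAfter
                }
            }
    }
})

# A certificate in Disallowed is rejected even if a copy is also in Root or CA,
# so only copies whose thumbprint is NOT in Disallowed are a problem.
$blocked = @($found | Where-Object { $_.Store -eq 'Disallowed' } |
    ForEach-Object { $_.Thumbprint })
$exposed = @($found | Where-Object {
    $_.Store -ne 'Disallowed' -and $blocked -notcontains $_.Thumbprint })

$found | Sort-Object Store, Location |
    Format-Table Location, Store, Thumbprint, NotAfter, Subject -AutoSize

if ($found.Count -eq 0) {
    Write-Output 'No DigiNotar certificates found in any checked store.'
} elseif ($exposed.Count -gt 0) {
    Write-Output "$($exposed.Count) DigiNotar certificate(s) outside Disallowed; follow the KB2616676 instructions."
} else {
    Write-Output "All $($found.Count) DigiNotar certificate(s) found are in Disallowed (untrusted)."
}
```

Running it once before and once after installing KB931125 shows whether the root update changed anything in the untrusted store.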
     
  5. Syonisus

    Alright, I will check those links when I install XP. Thanks for helping, just wanted to make sure.
     