Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following DigiCert Sdn. Bhd intermediate certificates by putting them in the Microsoft Untrusted Certificate Store:
Digisign Server ID - (Enrich) issued by Entrust.net Certification Authority (2048)
Digisign Server ID (Enrich) issued by GTE CyberTrust Global Root
This update replaces update 2616676.
The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
We have finished the investigation into an issue with update 2641690 for Windows 2003-based systems and for Windows XP x64-based systems.
Before November 16, 2011, Microsoft Windows Server Update Services (WSUS) server customers experienced problems with the versions of update 2641690 for Windows XP x64 and for Windows Server 2003.
On November 16, 2011, we rereleased update 2641690 to address this issue for Windows XP x64 and for all editions of Windows Server 2003.
Most systems have automatic updating enabled. If you do have automatic updating enabled, you do not have to take any action because update 2641690 will be installed automatically.
All releases of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2 are not affected by this issue.
All supported versions of Microsoft Windows
The following files are available for download from the Microsoft Download Center:
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
All supported versions of Microsoft Windows Mobile 6.x
The following file is available for download from the Microsoft Download Center:
All supported version of Microsoft Windows Phone 7 and Microsoft Windows Phone 7.5
For more information about the Windows Phone 7 and Windows Phone 7.5 update including frequently asked questions, visit the following Microsoft webpage:
The following table provides the SMS detection and deployment summary for this update.
Collapse this tableExpand this table
Software
Configuration Manager 2007
Windows XP Service Pack 3
Yes
Windows XP Professional x64 Edition Service Pack 2
Yes
Windows Server 2003 Service Pack 2
Yes
Windows Server 2003 x64 Edition Service Pack 2
Yes
Windows Server 2003 with SP2 for Itanium-based Systems
Yes
Windows Vista Service Pack 2
Yes
Windows Vista x64 Edition Service Pack 2
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2
Yes
Windows Server 2008 for x64-based Systems Service Pack 2
Yes
Windows Server 2008 for Itanium-based Systems Service Pack 2
Yes
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Yes
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Yes
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Yes
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Yes
Update Deployment
Affected Software
For information about the specific update for your affected software, refer to the appropriate section for the operating system:
Windows XP (all editions)
Reference Table
Collapse this tableExpand this table
Deployment
Installing without requiring user intervention
For Windows XP Service Pack 3:
WindowsXP-KB2641690-x86-ENU.exe /quiet
For Windows XP Professional x64 Edition Service Pack 2:
WindowsServer2003.WindowsXP-KB2641690-v2-x64-ENU.exe/quiet
Installing without restarting
For Windows XP Service Pack 3:
WindowsXP-KB2641690-x86-ENU.exe /norestart
For Windows XP Professional x64 Edition Service Pack 2:
WindowsServer2003.WindowsXP-KB2641690-v2-x64-ENU.exe /norestart
Restart Requirement
Restart required?
Yes, you must restart your system after you apply this update.
Removal Information
Use the Add or Remove Programs item in Control Panel
Note The update for supported versions of Windows XP Professional x64 Edition also applies to supported versions of Windows Server 2003 x64 Edition.
Windows Server 2003 (all editions)
Reference Table
Collapse this tableExpand this table
Deployment
Installing without requiring user intervention
For all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB2641690-v2-x86-ENU.exe /quiet
For all supported x64-based editions of Windows Server 2003:
WindowsServer2003.WindowsXP-KB2641690-v2-x64-ENU.exe /quiet
For all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB2641690-v2-ia64-ENU.exe/quiet
Installing without restarting
For all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB2641690-v2-x86-ENU.exe /norestart
For all supported x64-based editions of Windows Server 2003:
WindowsServer2003.WindowsXP-KB2641690-v2-x64-ENU.exe /norestart
For all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB2641690-v2-ia64-ENU.exe /norestart
Restart Requirement
Restart required?
Yes, you must restart your system after you apply this update.
Removal Information
Use the Add or Remove Programs item in Control Panel
Note The update for supported versions of Windows Server 2003 x64 Edition also applies to supported versions of Windows XP Professional x64 Edition.
Windows Vista (all editions)
Reference Table
Collapse this tableExpand this table
Deployment
Installing without requiring user intervention
For all supported 32-bit editions of Windows Vista:
Windows6.0-KB2641690-x86.msu /quiet
For all supported x64-based editions of Windows Vista:
Windows6.0-KB2641690-x64.msu /quiet
Installing without restarting
For all supported 32-bit editions of Windows Vista:
Windows6.0-KB2641690-x86.msu /quiet /norestart
For all supported x64-based editions of Windows Vista:
Windows6.0-KB2641690-x64.msu /quiet /norestart
Restart Requirement
Restart required?
This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information
WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Windows Server 2008 (all editions)
Reference Table
Collapse this tableExpand this table
Deployment
Installing without requiring user intervention
For all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB2641690-x86.msu /quiet
For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB2641690-x64.msu /quiet
For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB2641690-ia64.msu /quiet
Installing without restarting
For all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB2641690-x86.msu /quiet /norestart
For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB2641690-x64.msu /quiet /norestart
For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB2641690-ia64.msu /quiet /norestart
Restart Requirement
Restart required?
This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information
WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Windows 7 (all editions)
Reference Table
Collapse this tableExpand this table
Deployment
Installing without requiring user intervention
For all supported 32-bit editions of Windows 7:
Windows6.1-KB2641690-x86.msu /quiet
For all supported x64-based editions of Windows 7:
Windows6.1-KB2641690-x64.msu /quiet
Installing without restarting
For all supported 32-bit editions of Windows 7:
Windows6.1-KB2641690-x86.msu /quiet /norestart
For all supported x64-based editions of Windows 7:
Windows6.1-KB2641690-x64.msu /quiet /norestart
Restart Requirement
Restart required?
This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information
To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
Windows Server 2008 R2 (all editions)
Reference Table
Collapse this tableExpand this table
Deployment
Installing without requiring user intervention
For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB2641690-x64.msu /quiet
For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB2641690-ia64.msu /quiet
Installing without restarting
For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB2641690-x64.msu /norestart
For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB2641690-ia64.msu /quiet /norestart
Restart Requirement
Restart required?
This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal Information
To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Windows XP and Windows Server 2003 file information
The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.
For all supported x86-based versions of Windows XP
Collapse this tableExpand this table
File name
File version
File size
Date
Time
Platform
SP requirement
Service branch
Crypt32.dll
5.131.2600.6154
599,040
28-Sep-2011
07:06
x86
SP3
SP3GDR
Crypt32.dll
5.131.2600.6154
599,552
28-Sep-2011
07:05
x86
SP3
SP3QFE
For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition
Collapse this tableExpand this table
File name
File version
File size
Date
Time
Platform
SP requirement
Service branch
Crypt32.dll
5.131.3790.4933
1,429,504
12-Nov-2011
21:23
x64
SP2
SP2GDR
Wcrypt32.dll
5.131.3790.4933
595,456
12-Nov-2011
21:23
x86
SP2
SP2GDR\WOW
Crypt32.dll
5.131.3790.4933
1,431,552
12-Nov-2011
21:18
x64
SP2
SP2QFE
Wcrypt32.dll
5.131.3790.4933
597,504
12-Nov-2011
21:18
x86
SP2
SP2QFE\WOW
For all supported x86-based versions of Windows Server 2003
Collapse this tableExpand this table
File name
File version
File size
Date
Time
Platform
SP requirement
Service branch
Crypt32.dll
5.131.3790.4933
595,456
12-Nov-2011
07:35
x86
SP2
SP2GDR
Crypt32.dll
5.131.3790.4933
597,504
12-Nov-2011
07:34
x86
SP2
SP2QFE
For all supported IA-64-based versions of Windows Server 2003
Collapse this tableExpand this table
File name
File version
File size
Date
Time
Platform
SP requirement
Service branch
Crypt32.dll
5.131.3790.4933
1,757,184
12-Nov-2011
21:57
IA-64
SP2
SP2GDR
Wcrypt32.dll
5.131.3790.4933
595,456
12-Nov-2011
21:57
x86
SP2
SP2GDR\WOW
Crypt32.dll
5.131.3790.4933
1,758,720
12-Nov-2011
21:45
IA-64
SP2
SP2QFE
Wcrypt32.dll
5.131.3790.4933
597,504
12-Nov-2011
21:45
x86
SP2
SP2QFE\WOW
Windows Vista and Windows Server 2008 file information
The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Collapse this tableExpand this table
Version
Product
Milestone
Service branch
6.0.6002. 18xxx
Windows Vista SP2 and Windows Server 2008 SP2
SP2
GDR
6.0.6002. 22xxx
Windows Vista SP2 and Windows Server 2008 SP2
SP2
LDR
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
The MANIFEST files (.manifest) and the MUM files (.mum), and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Vista and of Windows Server 2008
Windows 7 and Windows Server 2008 R2 file information
The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Collapse this tableExpand this table
Version
Product
Milestone
Service branch
6.1.7600. 16xxx
Windows 7 and Windows Server 2008 R2
RTM
GDR
6.1.7600. 20xxx
Windows 7 and Windows Server 2008 R2
RTM
LDR
6.1.7601. 17xxx
Windows 7 and Windows Server 2008 R2
SP1
GDR
6.1.7601. 21xxx
Windows 7 and Windows Server 2008 R2
SP1
LDR
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
The MANIFEST files (.manifest) and the MUM files (.mum), and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
Back to the top
