Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. The update revokes the trust of the following DigiNotar root certificates by putting them in the Microsoft Untrusted Certificate Store:
DigiNotar Root CA
DigiNotar Root CA G2
DigiNotar PKIoverheid CA Overheid
DigiNotar PKIoverheid CA Organisatie - G2
DigiNotar PKIoverheid CA Overheid en Bedrijven
The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned these files for viruses. Microsoft used the most current virus-detection software that was available on the date that the files were posted. The files are stored on security-enhanced servers that help prevent any unauthorized changes to the files.
An issue with the package was found in which the PKIoverheid certificates were missing from the Windows Vista update and from the Windows Server 2008 update on Microsoft Download Center. Customers who downloaded the package before September 9, 2011, should download and install the update again. Customers who installed the update through Automatic Updates or through Windows Update are not affected.
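To confirm that all five certificates listed above, including the PKIoverheid ones that were missing from the early Download Center packages, are in the Untrusted Certificate Store, a check such as the following can be run in an elevated PowerShell session. This is an added example, not part of the Microsoft update or advisory; it assumes that each store entry's simple name (CN) equals the name as listed in this article, and the helper Get-StoreNames is hypothetical.

```powershell
# Added example. Names are copied from this article; matching them against the
# certificate's simple name (CN) is an assumption, not something the article states.
$expected = @(
    'DigiNotar Root CA',
    'DigiNotar Root CA G2',
    'DigiNotar PKIoverheid CA Overheid',
    'DigiNotar PKIoverheid CA Organisatie - G2',
    'DigiNotar PKIoverheid CA Overheid en Bedrijven'
)
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Hypothetical helper: simple names of every certificate in one store
# (returns nothing if the store does not exist on this system).
function Get-StoreNames([string]$storePath) {
    if (-not (Test-Path $storePath)) { return @() }
    @(Get-ChildItem $storePath | ForEach-Object { $_.GetNameInfo($nameType, $false) })
}

# Cert:\LocalMachine\Disallowed is the Untrusted Certificates store.
$untrusted = Get-StoreNames 'Cert:\LocalMachine\Disallowed'
$trustedStores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot', 'Cert:\LocalMachine\CA'

$report = foreach ($name in $expected) {
    # Informational: other machine stores that still hold a certificate with this name.
    $alsoIn = @($trustedStores | Where-Object { (Get-StoreNames $_) -contains $name })
    New-Object PSObject -Property @{
        Certificate   = $name
        InUntrusted   = ($untrusted -contains $name)
        AlsoPresentIn = ($alsoIn -join ', ')
    }
}
$report | Format-Table Certificate, InUntrusted, AlsoPresentIn -AutoSize

# Fail loudly if any listed certificate is absent from the Untrusted store,
# for example on a system patched with a package downloaded before September 9, 2011.
$missing = @($report | Where-Object { -not $_.InUntrusted })
if ($missing.Count -gt 0) {
    $names = ($missing | ForEach-Object { $_.Certificate }) -join '; '
    Write-Warning "Not in the Untrusted store: $names"
    exit 1
}
```

A nonzero exit code means that at least one listed certificate is missing from the Untrusted store and the update should be downloaded and installed again.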
A restart is required for all editions of Windows XP and of Windows Server 2003.
No restart is required for any edition of Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
At the explicit request of the Dutch government, the release of the automatic update functionality was delayed for the Netherlands for one week. The following describes the change to the customer installation experience for users in the Netherlands:
This update will be automatically installed if users have Windows Automatic Updates enabled.
Users can also install security update 2607712 manually. To do this, visit the following Microsoft Update website, and then check for online updates:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Windows 7 Service Pack 1, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Home Premium, Windows 7 Home Basic, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Service Pack 2, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Vista Service Pack 2, Windows Vista Service Pack 1, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows XP Service Pack 3