You are currently offline, waiting for your internet to reconnect

Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

INTRODUCTION
Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. The update revokes the trust of the following DigiNotar root certificates by putting them in the Microsoft Untrusted Certificate Store:
  • DigiNotar Root CA
  • DigiNotar Root CA G2
  • DigiNotar PKIoverheid CA Overheid
  • DigiNotar PKIoverheid CA Organisatie - G2
  • DigiNotar PKIoverheid CA Overheid en Bedrijven
The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
MORE INFORMATION

Download information

The following files are available for download from the Microsoft Download Center:

DownloadDownload the Update for Windows 7 (KB2607712) package now.

DownloadDownload the Update for Windows 7 for x64-based Systems (KB2607712) package now.

DownloadDownload the Update for Windows Server 2008 R2 for Itanium-based Systems (KB2607712) package now.

DownloadDownload the Update for Windows Server 2008 R2 x64 Edition (KB2607712) package now.

DownloadDownload the Update for Windows Vista (KB2607712) package now.

DownloadDownload the Update for Windows Vista for x64-based Systems (KB2607712) package now.

DownloadDownload the Update for Windows Server 2008 (KB2607712) package now.

DownloadDownload the Update for Windows Server 2008 for Itanium-based Systems (KB2607712) package now.

DownloadDownload the Update for Windows Server 2008 x64 Edition (KB2607712) package now.

DownloadDownload the Update for Windows XP (KB2607712) package now.

DownloadDownload the Update for Windows XP x64 Edition (KB2607712) package now.

DownloadDownload the Update for Windows Server 2003 (KB2607712) package now.

DownloadDownload the Update for Windows Server 2003 for Itanium-based Systems (KB2607712) package now.

DownloadDownload the Update for Windows Server 2003 x64 Edition (KB2607712) package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned these files for viruses. Microsoft used the most current virus-detection software that was available on the date that the files were posted. The files are stored on security-enhanced servers that help prevent any unauthorized changes to the files.

Known issues

  • An issue with the package was found in which the PKIoverheid certificates were missing from the Windows Vista update and from the Windows Server 2008 update on Microsoft Download Center. Customers who downloaded the package before September 9, 2011, should download and install the update again. Customers who installed the update through Automatic Updates or through Windows Update are not affected.
  • A restart is required for all editions of Windows XP and of Windows Server 2003.
  • A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
  • At the explicit request of the Dutch government, the release of the automatic update functionality was delayed for the Netherlands for one week. The following describes the change to the customer installation experience for users in the Netherlands:
    • This update will be automatically installed if users have Windows Automatic Updates enabled.
    • Users can also install security update 2607712 manually. To do this, visit the following Microsoft Update website, and then check for online updates:
    • Users can also install these updates manually by visiting the download links that are included in this article.
    The Dutch government has additional information available about this incident and about the use of any DigiNotar certificates. For more information, visit the following third-party webpage: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2607712 - Last Review: 04/12/2012 20:27:00 - Revision: 6.2

  • Windows 7 Service Pack 1
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 7 Home Premium
  • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 2
  • Windows Vista Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB2607712
Feedback
document.write("