Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Need real-world translation for every day user

05 Sep 2011   #1

MS Windows 7 Ultimate SP1 64-bit
Need real-world translation for every day user

The recent certificate problem which it turns out also affected microsoft and windows update has been addressed by Microsoft.

My question, after reading following, do we need to be concerned that maybe some update problems we see are related to this problem?

Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates - Security Research & Defense - Site Home - TechNet Blogs

My System SpecsSystem Spec
05 Sep 2011   #2

Windows 7 & Windows Vista Ultimate

It is definitely complicated but I would not expect to see update problems. Rather, Windows XP users of IE could be susceptible to "man-in-the-middle" attacks until the Microsoft update is issued or they manually remove the DigiNotar certificate. However, don't forget that the SRD blog posts states that a man-in-the-middle attack can only occur if one of the following also occurs:
  • The attacker is on your local network (open wireless network, for example);
  • The attacker owns or operates the network infrastructure between the victim client and the listening server; or
  • The attacker controls the DNS server used by your ISP, or can influence your choice of DNS server via DHCP responses if a client gets DNS settings via DHCP.
It cannot be stated that all Windows Vista and above systems were completely safe and not at risk after the issuance of Security Advisory 2607712 because they could have had a cached DigiNotar as a trusted root CA. Fortunately, the cached list is updated client-side every seven days. That makes the last date an attack targeting Internet Explorer users on Windows Vista and later platforms might possibly be successful is today, September 5.

As explained by Greg Keizer, Microsoft: Stolen SSL certs can't be used to install malware via Windows Update:

According to Microsoft, the certificates issued for couldn't be used by attackers because the company no longer uses that domain. (Windows Update is now at However, those for -- the domain for Microsoft Update -- and the wildcard * could be.

As Ness said, updates delivered via Microsoft's services are signed with a separate certificate that's closely held by the company.
Without that code-signing certificate, attempts to deliver malware disguised as an update to a Windows PC would fail.
My System SpecsSystem Spec
06 Sep 2011   #3

Windows 7 & Windows Vista Ultimate

Copied from my blog:

Microsoft Security Advisory 2607712 has been updated to revoke the trust of the DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store.

The update is available via Automatic Update and applies to all supported releases of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

Copied below are the known issues from Microsoft KB Article 2607712, Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing for this update.

Known issues

  • A restart is required for all editions of Windows XP and of Windows Server 2003.
  • A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
  • At the explicit request of the Dutch government, the release of this update on Windows Update will be delayed for the Netherlands.

    This update will become available to the Netherlands on Windows Update and on all Automatic Update channels at a later date. Customers who want to manually install this update should click the appropriate platform download in the "Download information" section. On the next page, users will be able to select the language to install and can continue with the download and the installation.

My System SpecsSystem Spec

06 Sep 2011   #4

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu

Update is now live - but needs to be selected to install (is only classed as Important) ...

Need real-world translation for every day user-update-certificate.png

My System SpecsSystem Spec

 Need real-world translation for every day user

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Lost In Translation Signs From Around The World
Chillout Room
Real World Benefits - Win8 v's Win7
I installed Win8 onto a separate partition and I suppose the MetroUI is a matter of personal taste. Personally not really for me but who knows what the final release will be. Maybe Microsoft are testing the waters and if there are enough negatives may give the option for a classic look otherwise as...
General Discussion
What is actual SATA tranfer rate real world???
Just to make sure... this is a question regarding SATA 2.0 mechanical HDD Transfer rates. My intention is to build a list or database of actual, real world, transfer rates for mechanical SATA drives. No need to post your SSD transfer rates here. What should a user expect transfer-wise when...
Performance & Maintenance
Real-World Malware Protection Report
Magdeburg-based research lab today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10...
System Security
Real-World Protection With IE8ís SmartScreen Filterô

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 19:01.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App