Today we’re updating Security Advisory 2607712, to announce that based on our investigation, we’ve deemed all DigiNotar certificates to be untrustworthy and have moved them to the Untrusted Certificate Store. Additionally, we have extended our support with this update so all customers using Windows XP, Windows Server 2003, and all Windows supported third-party applications are protected.

Today’s update, deployed via Automatic Update, applies to all supported releases of Microsoft Windows, and revokes the trust of the following DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store:

  • ·         DigiNotar Root CA
  • ·         DigiNotar Root CA G2
  • ·         DigiNotar PKIoverheid CA Overheid
  • ·         DigiNotar PKIoverheid CA Organisatie – G2
  • ·         DigiNotar PKIoverheid CA Overheid en Bedrijven

We recognize this issue as an industry problem, and we have been actively collaborating with certificate authorities, governments, and software vendors to help protect our mutual customers. We continue to investigate this issue, and will update this blog as new information becomes available.

For more information about this issue and the actions Microsoft is taking to protect its customers, please visit Security Advisory 2607712.

Thanks,

Dave Forstrom

Director, Trustworthy Computing