I have run this patch on several Win7 and WinXP machines, and just ran it against my Win2k8 R2 TS/RDP server.
Please detail exactly what you mean by "it is still revoking my certificates". This is not something that should affect your internal CA infrastructure, unless you've somehow incorporated MSFT certs into your cert chain. Frankly, I'm not worried about patching my servers (on an emergency basis - I'll catch it in my regular cycle) except for the one mentioned above, because users actually do log into it - unless someone shows me I need to think differently about it. Kurt On Mon, Jun 4, 2012 at 6:02 PM, Troy Adkins <[email protected]> wrote: > Has anyone ran this patch. > > I ran the patch on my CA, but it is still revoking my certificates. > > Sent from my iPad > > On Jun 4, 2012, at 6:47 PM, "Kurt Buff" <[email protected]> wrote: > >> ---------- Forwarded message ---------- >> From: Current Activity <[email protected]> >> Date: Mon, Jun 4, 2012 at 6:29 AM >> Subject: US-CERT Current Activity - Unauthorized Microsoft Digital >> Certificates >> To: Current Activity <[email protected]> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> US-CERT Current Activity >> >> Unauthorized Microsoft Digital Certificates >> >> Original release date: Monday, June 4, 2012 at 09:16 am >> Last revised: Monday, June 4, 2012 at 09:16 am >> >> >> Microsoft has released a security advisory to address the revocation of >> a number of unauthorized digital certificates. Maintaining these >> certificates within your certificate store may allow an attacker to >> spoof content, perform a phishing attack, or perform a man-in-the-middle >> attack. >> >> The following certificates have been revoked by this update: >> * Microsoft Enforced Licensing Intermediate PCA (2 certificates) >> * Microsoft Enforced Licensing Registration Authority CA (SHA1) >> >> Microsoft has provided an update to all support versions of Microsoft >> Windows to address this issue. Additional information can be found in >> Microsoft Security Advisory 2718704. >> >> US-CERT encourages users and administrators to apply any necessary >> updates to help mitigate the risk. >> >> Relevant Url(s): >> <http://technet.microsoft.com/en-us/security/advisory/2718704> >> >> >> ____________________________________________________________________ >> >> Produced by US-CERT, a government organization. >> ____________________________________________________________________ >> >> This product is provided subject to the Notification as indicated here: >> http://www.us-cert.gov/legal.html#notify >> >> This document can also be found at >> http://www.us-cert.gov/current/#microsoft_unauthorized_digital_certificates >> >> For instructions on subscribing to or unsubscribing from this >> mailing list, visit http://www.us-cert.gov/cas/signup.html >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.5 (GNU/Linux) >> >> iQEVAwUBT8y4OndnhE8Qi3ZhAQI7KQf9FJlkJKlULO6evs0oCeBvtrsfO7LEHdxZ >> J18LnH6PEpiNac3QjzVnaGYmZ5HM84UgoW0gqw1hmqCpFbo6xCqdqxB0wWjL7Qh1 >> 7U5RstYN7riYCp1Z0mQsfhdrvD7Rpb0NTIGfFUJHN+/LUuFeY2YzjujgPw6PmqDo >> P+kUK3fda05WMlxFbUxSWQ3+hcCIfRv5rUY+87jDB2NDju+7Aqs/GfNZE2JORngp >> tKeA2ZoUo32AgFGpcDUZeGTwJlcBSGQFKmgHHlsjGEEeNB/Agn5wviX3bkIxieUX >> zbXft1vBMCa81cf3QtdZDb4FbvWIi7+AkmNQvbCkPJkw3M5elkS26Q== >> =nYRj >> -----END PGP SIGNATURE----- >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
