Jump to content

Root Certificates and Revoked Certificates for Windows XP


heinoganda
 Share

Recommended Posts


If you want to get it immediately.

 

http://w2k.flxsrv.org/wlu/wluen.htm

You can get with  Manual Update here.

Search keyword "cert"

 

 

disallowedcert.sst was updated by Microsoft on 2015/12/01, released today. Affected certificates are described in Microsoft's SA3123040.

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable RvkRoots.exe should follow his instructions for creating their own, or PM me for an updated EXE file.

Link to comment
Share on other sites

@5eraph

Came out from the date of publication, of course, the creation date is endowed earlier. Then of course this is not an error, ultimately I think it does not matter. Was probably so little irritated.

Info:

Last Download the Files authroots.sst, delroots.sst and updroots.sst have the Date 2015/11/20.

 

@pcalvert

You can choose what you would you rather do. It is enough if you execute Cert_Updater.exe, just as if you execute RvkRoots.exe. One of them is sufficient.

 

:)

Edited by heinoganda
Link to comment
Share on other sites

Gang!

 

1)  How are the Dec 8 POS updates?  Safe for my dog-eared XP machine? 
   (Two Win 7 Pro 64-bit machines updated nicely this week, but a third one hung on the reboot and I had to go massage it.  So I'm just a tad nervous for my more important XP senior citizen.)

 

2)  Also, I just downloaded and ran heinoganda's Cert_Updater.exe for the first time ever.  Its last Modified date is Friday, October 23, 2015, 8:51:56 PM.

But I understand that's not important because it reaches out to MS for the latest certificate information.

Am I correct about that?

 

Many thanks.

Link to comment
Share on other sites

2)  Also, I just downloaded and ran heinoganda's Cert_Updater.exe for the first time ever.  Its last Modified date is Friday, October 23, 2015, 8:51:56 PM.

But I understand that's not important because it reaches out to MS for the latest certificate information.

Am I correct about that?

 

Yes. heinoganda's Cert_Updater.exe is a download once run many times program. And yes, you've got that right, when you run it, it retrives the latest certificates and revoke lists directly from MS, then installs them for you. So you need to be connected to the internet, when you run it, or it'll fail (and tell you so).

Link to comment
Share on other sites

Gang!

 

1)  How are the Dec 8 POS updates?  Safe for my dog-eared XP machine? 

   (Two Win 7 Pro 64-bit machines updated nicely this week, but a third one hung on the reboot and I had to go massage it.  So I'm just a tad nervous for my more important XP senior citizen.)

 

2)  Also, I just downloaded and ran heinoganda's Cert_Updater.exe for the first time ever.  Its last Modified date is Friday, October 23, 2015, 8:51:56 PM.

But I understand that's not important because it reaches out to MS for the latest certificate information.

Am I correct about that?

 

Many thanks.

 

I have no problems to report with any of the recent updates.  I'm also considering throwing the Updater in my Startup Folder so remembering to do that whole process becomes less of a concern.

Edited by SD73
Link to comment
Share on other sites

 I have no problems to report with any of the recent updates.  I'm also considering throwing the Updater in my Startup Folder so remembering to do that whole process becomes less of a concern.

 

 

I wouldn't have thought it was necessary to run the certificates updater program on every single boot, but you could set up a scheduled task to run it automatically every week say.

:)

Edited by Dave-H
Link to comment
Share on other sites

Hello Dave-H, an update interval of every 2-3 months should be sufficient by Cert_Updater.

 

@glnz

By removing the .NET Framework 3.5 you should be careful, there are drivers (VGA) that are dependent on it.

 

:)

Edited by heinoganda
  • Upvote 1
Link to comment
Share on other sites

Hello Dave-H, an update interval of every 2-3 months should be sufficient by Cert_Updater.

Thanks, that does sound like a good rule of thumb for how often it should be run, although obviously running it once a month say would do no harm.

Considering the recently revoked roots (SA3119884, SA3123040) haven't been released on any kind of schedule, once per week or two may be more appropriate. And there will be another trusted root certificates update next month.

[...] we identified a few partners who will no longer participate in the [Trusted Root Certificate Program], either because they have chosen to leave voluntarily or because they will not be in compliance with the new requirements. We’ve published a complete list of Certificate Authorities below that are out of compliance or voluntarily chose to leave the program and will have their roots removed from the Trusted Root CA Store in January 2016.

Emphasis mine.

Link to comment
Share on other sites

Have released version 1.1 of Cert_Updater. Now also the creation date of the downloaded sst files appears.

 

@liamZ

Preliminary thanks for the info. From KB291365 I can not find any information and is not with me on the list yet. KB2938780 was my opinion on Windows XP is not of interest, but due to the higher version number in the file "system.dll", this update should prove unnecessary. NDP40-KB3048074-x86 replaced by NDP40-KB3072309-x86 replaced by NDP40-KB3099866-x86, since I've actually overlooked yet KB3048074. Incidentally, in my signature are links to my neat (if I get to that) .NET Framework lists.

 

:)

Edited by dencorso
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...