Microsoft fixes SSL 'kill switch' blooper
Posted on: 09/20/2011 09:12 AM

ComputerWorld posted a story that Microsoft re-released an update today for Windows XP to correct a snafu that left users vulnerable to potential "man-in-the-middle" attacks for most of last week.

Microsoft fixes SSL 'kill switch' blooper


Today, Microsoft admitted that the update it shipped to Windows XP and Server 2003 users last Tuesday was flawed.

"The versions...for Windows XP and for Windows Server 2003 contained only the latest six digital certificates cross-signed by GTE and Entrust," said Microsoft in a revised support document. "These versions of the update did not contain the digital certificates that were included in [earlier updates]."

The earlier update, delivered by Microsoft on Sept. 6, blocked five DigiNotar root certificates.



Printed from NT Compatible (http://www.ntcompatible.com/news/story/microsoft_fixes_ssl_kill_switch_blooper.html)