(imported topic written by CSL2012)
Fixlet Request for Microsoft Security Advisory: 2854544
Will a fixlet be provided for Microsoft Security Advisory 2854544: Update to Improve Cryptography and Digital Certificate Handling in Windows? The advisory/patch was released (06/11/2013).
An update (KB2813430) for Microsoft Security Advisory: An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows.
Affected Software:
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows Server 2012
• Windows RT
Summary:
Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce additional updates via this advisory, all aimed at bolstering the Windows cryptography and certificate handling infrastructure in response to an evolving threat environment.
Synopsis of functionality added by the update
This update builds on the expanded Certificate Trust List (CTL) functionality provided in update 2677070, which gave enterprises more options for managing their private PKI environments. For more information, see An automatic updater of revoked certificates for Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2. Windows 8, Windows Server 2012, and Windows RT also have this functionality built in.
This update allows administrators to:
-
Configure domain-joined computers to use auto update without having access to the Windows Update site. This applies to updates for both trusted and disallowed CTLs.
-
Configure domain-joined computers to independently opt in to auto update for both trusted and disallowed CTLs.
-
Examine the set of roots in Microsoft root programs and to choose a subset of them for distribution via Group Policy.
Reference URL:
http://technet.microsoft.com/en-us/security/advisory/2854544
,
http://support.microsoft.com/kb/2813430
Thanks,
Chi