1 Reply Latest reply on Mar 28, 2011 1:16 PM by historicalshavlikemployee

    Scanning for Microsoft Security Advisory 2524375 Fraudulent Digital Certificates Patch


      I would like to deploy the patches that Microsoft released on March 23, 2011 to block the Fraudulent Digital Certificates issued by Comodo. I see that the suggested action is to install the patches in Microsoft KB 2524375. Presumably those patches will add the fraudulent certificates to the untrusted certificates folder.

      (I see many system administrators considering these patches urgent and deploying them right away, not waiting for their next regularly scheduled patch cycle.)

      Currently neither NetChk nor Microsoft Update finds these patches as missing. Is Shavlik planning to add support for scanning for these patches?

      I could create a custom patch, but to be able to scan for the patch, I need a file and version or registry key that is changed by the patch. Does anyone know how to scan for the fraudulent certificates being listed in the untrusted certificate folder?

      I could do a blind deployment using a custom patch (which is always found as missing), but I do not know of a way of knowing if some target machines did not get the patch installed.

      Darryl J. Roberts, MCSE, MCP+I, CompTIA CTT+; IT Professional Services; Ventura, CA, USA;
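
One way to check for the condition asked about above, as an added example that is not part of the original post or any Shavlik or Microsoft tooling: a PowerShell function that reports whether given thumbprints are present in a machine's Untrusted Certificates (Disallowed) store. It assumes, as the post does, that the update places the certificates in that store; the thumbprints are placeholders to be replaced with the values from the advisory, and the function name is hypothetical. Windows keeps the machine-wide store in the registry under `HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\<thumbprint>`, which is the key a registry-based custom patch scan could test.

```powershell
# Added example. Placeholder thumbprints: replace with the values published
# in the Microsoft advisory (the page does not list them).
$ExpectedThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_1',
    'PLACEHOLDER_THUMBPRINT_2'
)

function Test-DisallowedCertificate {   # hypothetical helper name
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory = $true)][string[]]$Thumbprint
    )
    # Local machine: open the store by name. Remote machine: the
    # "\\host\store" form is used, which relies on remote registry access.
    if ($ComputerName -eq $env:COMPUTERNAME) {
        $storeName = 'Disallowed'
    } else {
        $storeName = "\\$ComputerName\Disallowed"
    }
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly'
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, $location)
    try {
        $store.Open($flags)
        $present = @($store.Certificates | ForEach-Object { $_.Thumbprint.ToUpperInvariant() })
    }
    finally {
        $store.Close()
    }
    foreach ($t in $Thumbprint) {
        # Normalise pasted thumbprints: strip whitespace, upper-case.
        $norm = ($t -replace '\s', '').ToUpperInvariant()
        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            Thumbprint   = $norm
            Present      = ($present -contains $norm)
        }
    }
}

# Report per-thumbprint status, then list anything still missing.
$results = Test-DisallowedCertificate -Thumbprint $ExpectedThumbprints
$results | Format-Table ComputerName, Thumbprint, Present -AutoSize
$missing = @($results | Where-Object { -not $_.Present })
"Missing from Disallowed store: $($missing.Count)"
```

Run after a blind deployment, a non-zero missing count identifies target machines where the certificates did not land in the store.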