- DigiNotar Root CA
- DigiNotar Root CA G2
- DigiNotar PKIoverheid CA Overheid
- DigiNotar PKIoverheid CA Organisatie – G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
The update is available for all supported versions of Windows (XP, 2003, Vista, 2008, 7 and 2008R2) and increases the number of revoked certificates from two to five.
In a perfect world Microsoft would just rely on its Microsoft Certificate Trust List to validate the trust of a certification authority. However Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List and as a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.
Interestingly, the update also changes IE’s behaviour in that users are no longer just presented with a warning about any certificates issued by DigiNotar, but they are prevented from accessing sites completely.
In order to protect customers more comprehensively against possible man-in-the-middle attacks, Microsoft is releasing an update that takes additional measures to protect customers by completely preventing Internet Explorer users from accessing resources of Web sites that contained certificates signed by the untrusted DigiNotar root certificates. Internet Explorer users who apply this update will be presented with an error message when trying to access a Web site that has been signed by either of the above DigiNotar root certificates. These users will not be able to continue to access the Web site.