DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2798897 - Last Review: January 11, 2013 - Revision: 4.0

On This Page

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following certificates by putting them in the Microsoft Untrusted Certificate Store:
  • *.google.com issued by *.EGO.GOV.TR
  • e-islem.kktcmerkezbankasi.org issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
  • *.EGO.GOV.TR issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
This update replaces update 2728973 (http://support.microsoft.com/kb/2728973) .

The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
http://technet.microsoft.com/security/advisory/2798897 (http://technet.microsoft.com/security/advisory/2798897)

More information

The following files are available for download from the Microsoft Download Center:

Update for Windows XP and Windows Server 2003 (KB2798897)

Collapse this imageExpand this image
Download
Download the package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=f41d271f-8715-4f65-92e7-91676bbd055c)

Update for Windows Vista, Windows 7, Server 2008, and Server 2008 R2 (KB2798897)

Collapse this imageExpand this image
Download
Download the package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=7388e7a4-c009-4c88-a635-f962c979c2d8)

Update for Windows 8 and Windows Server 2012 (KB2798897)

Collapse this imageExpand this image
Download
Download the package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=c77acabc-ecba-4d11-ae35-511a2dc6e562)

Release Date: January 3, 2013

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/ ) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update Information

Detection and deployment tools and guidance

Systems Management Server

The following table provides the Systems Management Server (SMS) detection and deployment summary for this update.
Collapse this tableExpand this table
SoftwareSystem Center Configuration Manager (all supported versions)
Windows XP Service Pack 3Yes
Windows XP Professional x64 Edition Service Pack 2Yes
Windows Server 2003 Service Pack 2Yes
Windows Server 2003 x64 Edition Service Pack 2Yes
Windows Server 2003 with SP2 for Itanium-based SystemsYes
Windows Vista Service Pack 2Yes
Windows Vista x64 Edition Service Pack 2Yes
Windows Server 2008 for 32-bit Systems Service Pack 2Yes
Windows Server 2008 for x64-based Systems Service Pack 2Yes
Windows Server 2008 for Itanium-based Systems Service Pack 2Yes
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1Yes
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1Yes
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1Yes
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Yes
Windows 8 for 32-bit SystemsYes
Windows 8 for 64-bit SystemsYes
Windows RTYes
Windows Server 2012Yes

Update deployment

Affected software

For information about the specific update for your affected software, refer to the appropriate section for the operating system:

All editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

Reference table
Collapse this tableExpand this table
Deployment
Installing without requiring user interventionFor all supported editions of Windows XP:
rvkroots.exe /q
Installing without restartingFor all supported editions of Windows XP:
rvkroots.exe /r:n
Restart requirement
Restart required?This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal informationThis update cannot be uninstalled.

Installation verification

For systems that are not using the automatic updater of revoked certificates, in the Certificates MMC snap-in, verify that the following certificates have been added to the Untrusted Certificates folder:
Collapse this tableExpand this table
CertificateIssued byThumbprint
*.google.com*.EGO.GOV.TR‎4d 85 47 b7 f8 64 13 2a 7f 62 d9 b7 5b 06 85 21 f1 0b 68 e3
e-islem.kktcmerkezbankasi.orgTURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri‎f9 2b e5 26 6c c0 5d b2 dc 0d c3 f2 dc 74 e0 2d ef d9 49 cb
*.EGO.GOV.TRTURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri‎c6 9f 28 c8 25 13 9e 65 a6 46 c4 34 ac a5 a1 d2 00 29 5d b1
Note For information about how to view certificates by using the Certificates MMC snap-in, see the MSDN article, How to: View Certificates with the MMC Snap-in (http://msdn.microsoft.com/en-us/library/ms788967.aspx) .

Windows RT

Updates for Windows RT are available from Windows Update (http://go.microsoft.com/fwlink/?LinkId=21130) only.

Installation verification

Windows RT contains the automatic updater of revoked certificates (See Microsoft Knowledge Base Article 2677070  (http://support.microsoft.com/kb/2677070/ ) ). To validate the newly revoked certificates have been added to the CTL, check the Application log in the Event Viewer for an entry with the following values:
  • Source: CAPI2
  • Level: Information
  • Event ID: 4112
  • Description: Successful auto update of disallowed certificate list with effective date: Monday, December 31, 2012 (or later).

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

For all supported versions of Windows

Collapse this imageExpand this image
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Advpack.dll6.0.2600.091,13631-May-201223:54x86
Disallowedcert.sstNot Applicable83,06731-Dec-201223:59Not Applicable
Updroots.exe5.2.3790.44566,65601-Jun-201218:48x86
W95inf16.dll4.71.704.02,27231-May-201223:55Not Applicable
W95inf32.dll4.71.16.04,60831-May-201223:55x86
Collapse this imageExpand this image

Applies to
  • Windows 7 Service Pack 1, when used with:
    • Windows 7 Enterprise
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Home Premium
    • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB2798897
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support