By Susan Bradley/Windows Secrets Newsletter
Revisiting Microsoft service packs
In the Northern Hemisphere, it’s springtime — time to revisit Windows 7 and Office service packs.
Our lack of major updates at the end of the month means we can devote time to getting needed service packs installed.
Microsoft root certificates get another update
One of the confusing aspects of this update is that Microsoft uses the same patch number for every root-certificate update throughout the year. So if you’ve seen 931125 before, that’s why.
As before, I recommend that XP users pass on this update — unless a website specifically requires a root-certificate included in update KB 931125.
(As I’ve noted before, Vista and Windows 7 machines will download and install this update automatically; XPs have to install it manually, typically through Windows Update’s Optional updates section.)
Why make a recommendation that seems to make Windows XP more vulnerable than Vista and Win7? Because I still think there are issues with the entire certificate-authority chain of trust. And the following statement from this update’s page should not add to your level of comfort: “The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.”
It can difficult to find out exactly what’s in a root-certificate update. A Microsoft TechNet Wiki provides some information. But typically, you have to install the update and check what certificates changed.
Moreover, some of the updated certificates have only limited applications. The February release (page), for example, included certificates for the Israeli and Swedish governments. I’ve nothing against these countries, but I can’t recall ever going to any of their websites. And given past problems with trust certificates, why should I go through the work of manually installing SSL certificates for sites I never plan to visit?
► What to do: Unless a website demands an updated trust certificate, Windows XP users can pass on KB 931125.
This post is excerpted with permission from Windows Secrets.