Announcing the automated updater of untrustworthy certificates and keys
Published Jan 24 2020 01:59 PM 1,103 Views

First published on TECHNET on Jun 11, 2012

There are a number of known untrusted certificates and compromised keys that have been issued by standard trusted root certification authorities. To help customers avoid interacting with these untrusted or compromised certificates and keys, an Automatic Updater of revoked certificates is now available for Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7, and Windows Server 2008 R2 computers. Learn more and download the updater through Microsoft KB 2677070 .


In the past, customers would have had to make changes to the Untrusted Certificate Store by initiating updates through Windows Update or by using a manual method. For example, the updates published in KB 2718704 , which describes an update to move unauthorized certificates to the untrusted store, had to be initiated manually. This new feature provides dynamic updates for revocation information so that Windows clients can be updated with untrusted certificates at most within a day of the information being published (no user interaction required). This new automatic updater will enable Certificate Authorities to report information about their revoked CA certificates to Microsoft and have them publicly untrusted in a much faster manner as compared to propagating this information by using CRLs.

Version history
Last update:
‎Feb 21 2020 05:52 AM
Updated by: