The question has been asked: will a new root update package (rootsupd.exe) with the changes in security advisory 2524375 be made available?  Changes in 2524375 add nine fraudulent end-entity certificates to the untrusted certificate store.

The answer is No, we will not have a new rootsupd.exe in response to the changes in 2524375. Rootsupd.exe distributes the trusted third-party root certificates on Windows. It is limited to distribution of root certificates only and does not include a blacklist of end-entity certificates.

Customers should apply the latest rootsupd.exe as they would apply any other root update package. They should apply the mitigation package available through 2524375 to protect against misuse of the fraudulent certificates.

Return to Microsoft Root Certificate Program Main Page