Microsoft on Tuesday released (again) the five security bulletins for its September Patch Tuesday. None of the fixes being released today is rated critical, with all five being rated important. Three of the bulletins fix flaws that could result in code execution.
Microsoft also updated the security bulletin it originally released a couple of weeks ago regarding the DigiNotar compromise, revoking trust for an additional six root certificates issued by the CA. The company removed trust for a number of certificates that were cross-signed by GTE and Entrust. Here is the list of certificates placed by Microsoft into the Untrusted Certificate Store:
- DigiNotar Root CA
- DigiNotar Root CA G2
- DigiNotar PKIoverheid CA Overheid
- DigiNotar PKIoverheid CA Organisatie – G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
- DigiNotar Root CA Issued by Entrust (2 certificates)*
- DigiNotar Services 1024 CA Issued by Entrust*
- Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)*
The five bulletins released by Microsoft on Tuesday include fixes for vulnerabilities in Windows, Office, Excel, Sharepoint and WINS. In an odd mistake, Microsoft on Friday accidentally made the link to the September bulletins live four days early. The page was only available for a short time before Microsoft removed it, but it was long enough for several sites to post the text of the advisories.
