| By Susan Bradley |
In a week when Microsoft is keynoting the RSA security conference and announcing Windows 8 Consumer Preview, we’re lucky enough to have end-of-the-month patches that are quite tame — almost boring.
And that gives us a chance to catch our collective patching breath and revisit some troublesome updates.
Take a pass on this Windows XP root certificate
One of the few updates Microsoft released this week is a root certificate for Windows XP. As I’m sure you recall, we’ve had a couple of out-of-cycle updates that revoked rogue certificates. As I stated in the Sept. 8, 2011, Top Story about the security-certificate process, “Typically, this system works well. But on the rare occasions it fails — when the chain of trust is broken — it can instantly affect thousands of PCs.”
Vista and Windows 7 get their root certificate updates automatically, so you can’t decline them on these platforms. But XP users can install or delete them manually. Still, given that most certificates for websites are added as we surf the Web, I’m not convinced that XP users need these root-certificate updates. (And not installing an XP root-certificate update means you don’t have to worry about revoked certificates in the future.)
► What to do: XP users: Decline KB 931125.
Improving update installations on Windows 7
I have one Windows 7 machine that throws out an error when I try installing Service Pack 1. It fails with a cryptic error code 80004005. So I’m glad to see a revised version of the System Update Readiness Tool that helps ensure you can cleanly install updates.
Vista, Windows 7, and the upcoming beta of Windows 8 all contain component-based servicing technologies. This tool goes through files and the Registry, checking for inconsistencies.