Forum Thread: Are the Root Certificates also checked in PSI?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

This thread has been marked as locked.
PatLuja Are the Root Certificates also checked in PSI?
Member 13th Mar, 2012 09:43
Ranking: 0
Posts: 1
User Since: 5th Jan, 2009
System Score: N/A
Location: N/A

I would like to know if the Root Certificates (like in Microsoft KB931125) are also checked in PSI?

I ask this because in my opinion, this is an important part when trying to use your computer safely. (As we all have learned in the past year, with the certificates from DigiNotar, amongst others.)

Also Windows offered the an update for the Root Certificates (KB931125), but the PSI scan I just did before that, didn't suggest this update.

Thank you kindly in advance.

With kind regards,
Patrick Luja

Maurice Joyce RE: Are the Root Certificates also checked in PSI?
Handling Contributor 13th Mar, 2012 10:51
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Root Certificates are maintained by Microsoft as explained here:

There is much debate about Root Certificates. This is an extract from Windows Secrets created by Susan Bradley***.

"Take a pass on this Windows XP root certificate

One of the few updates Microsoft released this week is a root certificate for Windows XP. As I'm sure you recall, we've had a couple of out-of-cycle updates that revoked rogue certificates. As I stated in the Sept. 8, 2011, Top Story about the security-certificate process, "Typically, this system works well. But on the rare occasions it fails - when the chain of trust is broken - it can instantly affect thousands of PCs."

Vista and Windows 7 get their root certificate updates automatically, so you can't decline them on these platforms. But XP users can install or delete them manually. Still, given that most certificates for websites are added as we surf the Web, I'm not convinced that XP users need these root-certificate updates. (And not installing an XP root-certificate update means you don't have to worry about revoked certificates in the future.)

? What to do: XP users: Decline KB 931125."

To the best of my knowledge Root Certificates do not have the meta data required to asset track them nor will they notify U that an update is available. That is Microsoft's remit.

*** I personally take no notice of any advice offered by Windows Secrets on Microsoft Updates. My motto is to always install them all once tests are complete.


Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
IE & Edge Only
Was this reply relevant?

This thread has been marked as locked.