Windows Server 2003 Gets Its Own Certificate Spoof Patch

On July 10, 2014, Microsoft released an update for most supported Windows client and server versions, in order to protect computers from improperly issued digital certificates. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Web properties. Interestingly, the illegal certificates were designated to google and yahoo domains.

Microsoft issued a security warning (Microsoft security advisory: Improperly issued digital certificates could allow spoofing), and released updated Certificate Trust Lists for Windows Server 2008, Windows Vista, Windows 7, Windows 8.x, Windows Server 2012.x, and even Windows Phone 8.x. At the time, there was no update available for Windows Server 2003.

Today, Microsoft has made available the update for Windows Server 2003, bringing all currently supported Windows versions under protection.

Here's the download: Security Update for Windows Server 2003 (KB2982792)

Windows Server 2003 exits support on July 14, 2015, giving organizations less than a year to migrate to a newer, more modern server operating system.