A new problem has arisen. I had hoped that the August update might proceed smoothly. It didn't. So I checked the
Search for Windows Updates takes forever? - A possible solution page, and
KB3177725 had appeared. But the corresponding Vista link does not work, not even if I try it from Microsoft's page (
https://technet.microsoft.com/library/security/MS16-098).
Hi DrHow:
I've been having problems logging into the Microsoft Answers forum for the past few weeks and have also seen the occasional "
We are sorry, the page you requested cannot be found" message or a
502 web server error when I'm re-directed to the Microsoft Download Center after I click on the Vista links on Dalai's webpage at http://wu.krelay.de/en/. However, these errors are transient and disappear if I wait a few minutes and try again.
The problem is much worse if I use an insecure connection like a
public WiFi hotspot that is not password protected, and I'm beginning to wonder if this issue is connected to changes Microsoft has made to their Root Certificate Program to improve the security of secure (
https) connections - see the Microsoft Security Advisory
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program. The 04-May-2016 Ars Technica article
Microsoft to retire support for SHA1 certificates in the next 4 months notes that Microsoft actually accelerated their plans to
end support for SSL/TLS certificates signed with older SHA-1 certificates starting this summer for IE11 and Edge, and I've noticed a recent increase in 'Untrusted Connection' errors in my Firefox browser as Mozilla moves towards complete withdrawal of support for all SHA-1 signed certificates by January 1, 2017 - see the Mozilla blog entry
Phasing Out Certificates with SHA-1 based Signature Algorithms.
Vista SP2 users with
KB2763674 (released July 2013) should be able to handle certificates signed with newer SHA-2 (e.g., SHA-256) hashes, but I think these new rules for certificate signing are creating some unexpected problems for Vista users as antivirus software and web browsers start phasing in these changes. If I try to download the latest offline installer for Firefox v48.0.1 at
https://www.mozilla.org/en-US/firefox/all/, for example, the site will automatically detect that I have Vista and offer me the old v43.0.1 installer with a SHA-1 signed certificate by default, even though I have KB2763674 installed. Microsoft might be trying to enforce stricter code-signing requirements on the Microsoft.com site that are causing timeouts and other problems when Vista users try to re-direct from Dalai's http (not https) site at http://wu.krelay.de/en/.
It probably doesn't help that Dalai's webpage is hosted on a private server and he
switched his ISP in August 2016. He was concerned that he might have to change the DNS address to point to another server with a very slow internet connection, so it's possible some users will see timeouts when they are re-directed to the Microsoft Download Center from his webpage when his server is overloaded until he gets all the bugs worked out.
------------
32-bit Vista Home Premium SP2 * Firefox v48.0.1 * NIS v22.7.1.32 * MBAM Premium v2.2.1
