: Must be running Windows XP Service Pack 3 (or Windows Server 2003 SP2).
While the focus here is on the x86 architecture, the vulnerability affects several legacy Microsoft operating systems. For the specific x86 PTB package, the affected software includes: windows xp kb 968730 x86 ptb hotfix
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix" /s | findstr "968730" : Must be running Windows XP Service Pack
Windows XP Service Pack 3 does not natively support SHA-2 certificates for certificate enrollment. If your system needs to obtain certificates from a Windows Server 2008 (or newer) Certificate Authority (CA) using SHA-2 256 or higher, you will likely encounter Event ID 13 ("Automatic certificate enrollment... failed"). Key Details If your system needs to obtain certificates from
Your system must already be running Windows XP Service Pack 3 (SP3) .
: Addresses an issue where clients cannot obtain certificates from a Windows Server 2008 (or newer) Certificate Authority (CA) if that CA is configured to use SHA-2 encryption.
The primary reports came from large financial institutions and government agencies in Brazil (hence the PTB language requirement) that had standardized on Windows XP workstations. These organizations often ran legacy VMware virtual desktop infrastructure (VDI) or Citrix environments. The bug was most reproducible when using proxy auto-configuration (PAC) scripts and specific SSL/TLS filtering proxies.
