All certificates issued by DigiNotar, a Dutch provider of Secure Socket Layer (SSL) certificates, are untrustworthy Microsoft concluded after an investigation into the matter. The certificates are to be moved to the Untrusted Certificate List Tuesday.

The patch fixes the problem for all versions of Windows and Windows Server, including Windows XP and Server 2003, Dave Forstrom, director of Microsoft's Trustworthy Computing division, announced in a .

As of Aug. 29 the Certificate Trust List (CTL) was to remove DigiNotar from the list of Certificate Authorities (CAs). That list, with valid root certificates, is automatically updated for Windows Vista, Windows 7 and Windows Server 2008. Windows Vista and higher check every seven days for changes in the list, so the last time these OSes were vulnerable for the 500 rogue DigiNotar certificates was Sept. 5, Microsoft stated.

Windows XP and Windows Server 2003 work with a static list that has to be updated trough a security patch. "We have extended our support with this update so all customers using Windows XP, Windows Server 2003, and all Windows supported third-party applications are protected," Forstrom wrote. After this update, all DigiNotar certificates are no longer trusted for HTTPS connections.

The patch will be rolled out worldwide Tuesday with one exception. By government request Microsoft has refrained from patching the OSes in the Netherlands, the company said in a Dutch press release. "At the explicit request of the Dutch government, Microsoft has decided not to automatically execute the update for the Netherlands," Microsoft Netherlands stated.