Share via

Kb5050021 breaks Certificate Chain, (0x800b010c) "A certificate was explicitly revoked by its issuer"

Anonymous
2025-01-16T04:52:55+00:00

Kb5050021 breaks 'DigiCert Trusted Root G4' chain, Windows 11 x64 23H2

Unable to load Everything (C:\Program Files\Everything 1.5a\Everything64.exe), or run the signed installer which can be downloaded here: https://www.voidtools.com/forum/viewtopic.php?t=9787Author asserts his cert was not revoked. It was signed Jan 1 2025.

It was working before the update. I reproduced this issue after completing a disk image recovery prior to the kb5050021 update ; Everything worked fine once again. After updating windows a second time the problem returned once again. Windows claims the certificate was revoked by issuer for executables signed by the Digicert Trusted Root G4 chain. Next, to factor out the certificates, assuming the cert store would remain unchanged, I simply uninstalled the update and the problem also went away again.

Says the signature is OK under properties/details of the Installer

But when I try run the installer I get the following error

I used digicerts own certificate testing utility for windows and verified its authenticity.

Any ideas how to fix this problem?

***moved from Windows / Windows 11 / Security and privacy***

Windows for business | Windows Client for IT Pros | Devices and deployment | Set up, install, or upgrade

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-01-18T11:39:40+00:00

    Voidtools Everything represents an evolutionary leap in windows search and indexing technology. Microsoft's blanket ban of voidtools products and mislabeling them as drivers may constitute an illegal act of monopolistic behavior.

    If you think you are a victim of Microsofts monopolistic behaviors contact the Federal Trade Commission (FTC): Visit the FTC's website and use their online complaint form or call their Consumer Response Center. Reach out to the Department of Justice (DOJ): The Antitrust Division of the DOJ handles antitrust complaints. You can submit information about potential antitrust violations through their website.

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2025-01-24T12:46:49+00:00

    My solution is downloading a eailer version, e.g., 1.0.0

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2025-01-18T07:40:25+00:00

    It seems that microsoft has added the voidtools developers cert to the "vulnerable driver blocklist" found here, which is incorrect because voidtools software are not drivers, they are legitimate software processes.

    https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules <Signer ID="ID_SIGNER_VOIDTOOLS" Name="voidtools (Thumbprint: 4DA2AD938358643571084F75F21AFDDD15D4BAE9)"> <CertRoot Type="TBS" Value="2AAA2A578BDEB2F1DBAAE27B6358B87D14143B7FA98518A6AC576172677225AC"/>

    0 comments
  4. Anonymous
    2025-01-18T11:24:46+00:00

    Found a work around, remove the signature with microsoft sdk signtool:

    signtool remove /s Everything64.exe

    0 comments
  5. Anonymous
    2025-01-18T08:57:33+00:00

    So it wasn't revoked by the issuer, it was revoked by Microsoft.

    A hand full of HP, Creative and Levono files are in that block list, specific drivers signed by 'DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1', but what microsoft did was a sweeping ban for all certificates signed to a legitimate developer voidtools, and its not a driver, its software.

    I am unable to disable driver blocklist, it is greyed out and not enforced by group policy either; It was already set to disabled in the registry.

    Image

    So I updated the policy manually by removing Voidtools from the list. I downloaded a copy of SiPolicy_Enforced.xml, [1], removed voidtools from the list, converted it to a p7b, [2] imported it and ran RefreshPolicy(AMD64).exe, which claims "Rebootless ConfigCI Policy Refreshing Succeeded!" but windows still blocking the executable.

    [1] https://aka.ms/VulnerableDriverBlockList

    [2] https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-

    0 comments