On Monday, Microsoft warned customers about an improperly issued SSL certificate that could potentially be used to spoof content, enact phishing attacks, and enable man-in-the-middle attacks. To help solve the issue quickly, the company revoked the digital certificate, but some customers needed to do a little extra to be protected.
Customers using more recent operating systems (Windows 8 through Windows Server 2012 R2, including Windows Phone) needed to do nothing since Microsoft built in an automatic updater, but those using Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 without the supplied automatic updater installed at least needed to download and install it. Microsoft rolled out the updater in 2012.
Unfortunately, those using Windows Server 2003 were left in the lurch. Windows Server 2003 is built on old technology, and since the server OS reaches end of life in July of this year, it's rarely updated. I know many are still working hard to eliminate this old server operating system from their company datacenters before the deadline, and this issue is only more evidence how critically important the migration is becoming.
Microsoft has now released a security update for Windows Server 2003 customers to secure the operating system against the unsecure SSL certificate and should be applied as soon as possible.
You can find the download here: Security Update for Windows Server 2003 (KB3048051)