"banished" by Chrome & Firefox sounds so dramatic. This is actually exactly the kind of situation that certificates are able to deal with by design. When the security of a certificate is compromised, it is added to the list of "untrusted certificates" and it becomes worthless. In this situation DigiNotar would be issued with a new/different certificate, and DigiNotar would use it instead.
The "updates" are nothing more than adding the stolen certificates to the "untrusted" list - effectively "turning them off" (and any certificates that were created using the stolen certificates).
Sep 7 2011 - Microsoft have yet to respond in relation to their Internet Explorer browser.
Pretty poor research on their (http://hakin9.org/) part.
Revisions
• V1.0 (August 29, 2011): Advisory published.
• V2.0 (August 29, 2011): Revised to correct erroneous advisory number.
• V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.
http://www.microsoft.com/technet/security/advisory/2607712.mspx
All the important questions are answered in the FAQ (at the above advisory address).
Why was this advisory revised September 6, 2011?
Microsoft revised this advisory to announce the release of an update that addresses this issue. The update adds five DigiNotar root certificates to the Microsoft Untrusted Certificate Store. Typically no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For customers who do not have automatic updating enabled, see Microsoft Knowledge Base Article 2607712 for information on how to manually apply the update.
On August 29, 2011, Microsoft removed the trust from one DigiNotar root certificate by updating the Microsoft CTL. Why is Microsoft releasing an update?
Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List to validate the trust of a certification authority. As a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.
After the CTL update on August 29, 2011, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 users who accessed a Web site that was signed by an untrusted DigiNotar root certificate would be presented with a warning message indicating that the trust of the certificate could not be verified. Users were allowed to click through this warning message to access the site.
In order to protect customers more comprehensively against possible man-in-the-middle attacks, Microsoft is releasing an update that takes additional measures to protect customers by completely preventing Internet Explorer users from accessing resources of Web sites that contained certificates signed by the untrusted DigiNotar root certificates. Internet Explorer users who apply this update will be presented with an error message when trying to access a Web site that has been signed by either of the above DigiNotar root certificates. These users will not be able to continue to access the Web site.
What does the update do?
On all supported releases of Microsoft Windows, the update adds five DigiNotar root certificates to the Microsoft Untrusted Certificate Store.
How will this update change the user experience when trying to access a Web site that has been encrypted with TLS and signed by an untrusted DigiNotar root certificate?
Internet Explorer users who try to access a Web site that has been signed by an untrusted DigiNotar root certificate will be prompted with an error message. Due to the fact that this certificate is located in the Microsoft Untrusted Certificate Store, Internet Explorer will not allow users to proceed to the Web site. The Web site will remain unavailable until the Web site certificate is replaced with a new certificate that is signed by a trusted root certificate.
There are more technical questions and answers related to the issue - also in the FAQ.
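To check on a Windows machine that the update described in the FAQ has taken effect, the following added example (not part of the advisory or of the post above) lists DigiNotar entries in the Untrusted Certificate Store and tests whether a given certificate file chains to an explicitly distrusted certificate. The function names and the file path are hypothetical; it assumes PowerShell 5 or later and that the store is exposed as `Cert:\LocalMachine\Disallowed`.

```powershell
# Added example. Function names and the sample path are hypothetical.
using namespace System.Security.Cryptography.X509Certificates

function Get-DistrustedDigiNotar {
    # "Untrusted Certificates" in the certificate snap-in is the store named Disallowed.
    Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like '*DigiNotar*' } |
        Select-Object Subject, Thumbprint, NotAfter
}

function Test-ExplicitDistrust {
    param([Parameter(Mandatory)][string]$Path)   # certificate file (DER or PEM)

    $cert  = [X509Certificate2]::new((Resolve-Path $Path).Path)
    $chain = [X509Chain]::new()
    # Skip revocation lookups so the result reflects only local trust-store decisions.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $null  = $chain.Build($cert)

    # Each ChainStatus element carries one flag; ExplicitDistrust means a certificate
    # in the chain is present in the Disallowed store.
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
    [pscustomobject]@{
        Subject              = $cert.Subject
        ChainLength          = $chain.ChainElements.Count
        ChainStatus          = ($flags -join ', ')
        ExplicitlyDistrusted = $flags -contains [X509ChainStatusFlags]::ExplicitDistrust
    }
}

# The advisory says the update adds five DigiNotar root certificates.
$found = @(Get-DistrustedDigiNotar)
$found | Format-Table -AutoSize
if ($found.Count -lt 5) {
    Write-Warning "Only $($found.Count) DigiNotar entries found in the Disallowed store; expected five per the advisory."
}

# Example call (hypothetical path to a saved site certificate):
# Test-ExplicitDistrust -Path 'C:\temp\site-cert.cer'
```

If the intermediate certificates are not available locally, the chain may stop short of the root and `ExplicitlyDistrusted` will be false even for an affected certificate, so check `ChainLength` and `ChainStatus` before relying on the result.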