file is still available directly from Microsoft
see MS support article 3149737
as that certificate file is available for download there....
Thanks for the link to the MS support article KB3149737
and your info about the MicrosoftRootCertificateAuthority2011.cer file.
I'm still not sure, however, exactly what has changed on Microsoft's end since April 2020
that now triggers these 800B0109 errors ("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provide
r") when Windows Update tries to install update KB4014984
(Security and Quality Rollup for NET. Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017
). That support article notes that "this issue occurs when you operate in an environment that's disconnected from the Internet or that has a firewall that blocks content from the following URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
". It also states that "this behavior occurs because of recent changes to Microsoft Windows Enforcement of Authenticode Code Signing and Timestamping
", which describes the risk of downloading software signed exclusively with a SHA-1 certificate.
Problems with strict enforcement of SHA-2 signing for newly released Microsoft updates first appeared on my Vista SP2 machine back in October 2019
(see my post # 17 in VIstauser324's thread Windows Defender Definition Updates
) so SHA-1 vs SHA-2 signing probably isn't the whole story. Perhaps it's because .NET Framework v4.x is an optional update and the Microsoft Update Catalog
now shows that KB4014984 has been replaced by the Windows Server 2008 update KB4041086
(released Sept 2017) in the supercedence chain.
I also suspect Microsoft has gone back and either re-issued some Vista SP2 updates released on or before 11-Apr-2017 or altered the metadata. For example, Bob's My Uncle recently pointed out to me <here
> that the 32-bit Vista version of KB4015195
(Security update for the Win32k information disclosure and escalation of privilege vulnerabilities in Windows Vista and Windows Server 2008: April 11, 2017
), which used to have a Last Updated date of 08-Apr-2017
as shown in this old image I captured in April 2017 ....
... has now disappeared
from the Microsoft Update Catalog, and the Last Updated date of the remaining 64-bit version has changed to 30-May-2017
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365 * MS Office Professional 2003 SP3
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, 256 GB Western Digital SATA HDD, NVIDIA GeForce 8400M GS