For now, hold off on installing KB 974571 on OCS 2007 R2 servers (and possibly R1)

October 24 Update – The MS09-56: Vulnerabilities in CryptoAPI could allow spoofing article has been updated with a Known Issues section and FIX for the LCS and OCS product. That article is the authorized content as it requires the proper groups to coordinate and confirm the data published.

Microsoft has released  official information that is indeed a problem with OCS and LCS systems. Check out the updated article with known issues here: MS09-56: Vulnerabilities in CryptoAPI could allow spoofing

I didn’t discover this one, so I’m just the messenger passing word on – KB 974571 (part of Patch Tuesday today – specifically related to Crypto-API/ASN1) will make OCS think it is an evaluation version that has expired. Uninstall KB 974571 and OCS works again. You will want to apply the KB once an updated patch, or an updated patch for OCS becomes available. Originally documented here.

The issue is currently being escalated, but until a fix can be found, delaying the install of KB974571 is recommended. Check here for updates:

Thanks to Aaron Tiensivu for the heads up:,-hold-off-on-installing-KB-974571-on-OCS-2007-R2-servers-and-possibly-R1.html