To work around this problem, configure the computer so that the network does not retrieve trusted and untrusted CTLs. To do this, use one of the following methods:
Method 1 
Validate that boundary firewalls, router access rules, and downstream proxy servers enable systems that have update 2677070 installed to contact Microsoft Update. For more information about this requirement, see the following article in the Microsoft Knowledge Base. (This includes the URLs that the CTL update accesses.)
2677070 An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Method 2 
Change the Group Policy settings. To do this, follow these steps:
  1. Under the Computer Configuration node in the Local Group Policy Editor, double-click Policies.
  2. Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies.
  3. In the details pane, double-click Certificate Path Validation Settings.
  4. Click the Network Retrieval tab, click to select the Define these policy settings check box, and then click to clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
  5. Click OK, and then close the Local Group Policy Editor.
Method 3
Modify the registry. To do this, follow these steps. 
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then select the following registry subkey: 
    HKLMSoftwarePoliciesMicrosoftSystemCertificates
  3. Right-click AuthRoot, select New, and then click DWORD.
  4. Type DisableRootAutoUpdate, and then press Enter.
  5. Right-click DisableRootAutoUpdate, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor, and then restart the computer.
Method 4Increase the default service time-out. To do this, follow these steps:
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows 
    Click 

  1. Locate and then select the following registry subkey:HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControl
  2. Right-click Control, point to New, and then click DWORD Value.
  3. In the New Value box, type ServicesPipeTimeout, and then press Enter.
  4. Right-click ServicesPipeTimeout, and then click Modify.
  5. Click Decimal, type the number of milliseconds that you want to wait until the service times out, and then clickOK. 
           For example, if you want to wait 60 seconds before the service times out, type 60000
  1. Exit Registry Editor, and then restart the computer.