Since I work a lot with PKI design, I can’t help wondering how someone like Comodo/Usertrust can still be considered trustworthy. In my opinion, the update should be to remove them from the list of trusted issuers! I think that the fact that VeriSign got away with it in 2001 has set a standard that we can continue to trust issuers even if they have proven not to be trustworthy.
I think that this is a very dangerous path, since this will lower the trust in certificates as a secure identity.
After the attack on Comodo late last week, please make sure to install the update "Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing".