Forstrom did not set a date by when Microsoft would block all DigiNotar certificates, including those used by the Dutch government, which has been a major customer of the company.
Google updated Chrome on Saturday to block all DigiNotar certificates, while Mozilla plans to do the same on Tuesday for Firefox.
However, Microsoft's partial ban of DigiNotar certificates -- which it instituted last week -- and the complete sanction now in the works only protects users running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
Customers still on Windows XP or Windows Server 2003 must wait for an update specific to those operating systems; Ness said only that that update would "be available soon."
Until that Windows XP update is available, users can protect themselves by manually deleting the DigiNotar root from the list of approved certificate-issuing authorities. Microsoft has posted lengthy instructions for doing that on its Security Research & Defense blog.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about security in Computerworld's Security Topic Center.