Broken websites, and Microsoft update KB2661254

Did you know that Microsoft invalided/stopped the use of security certificates with a RSA key length of less than 1024 bits?  And they started doing this back in August 2012?  No, we missed that security bulletin too.  So we awoke to a broken website.
(it was the client PC which was broken, but everyone blames the website when they can’t get to it.)

We had deployed KB2661254 that is.

The first we heard of KB2661254 was when one of our support team logged a help desk call about the issue it causes.  The helpful Internet Explorer screen looked like this:
IE Broken

A quick look at the website certificate details confirmed the actual problem:

As this was an internal website, we were able to generate a new (larger) certificate fairly quickly.