There are other MSIs in my client setup folder with even older expiration dates, I suppose those will be a problem as well. While the Microsoft PolicyPlatforSetup cert expied yesterday, the client.msi expires in March 2013 and the MSXML expired 10/4/2007!! and the windowsfirewallconfigurationprovider.msi expired in 10/2011. It seems like something new is not allowing expired authenticode certificates. Why does it make a different for one MSI and not the others?
Being currious, I started looking at other MSIs I use to install software. My Flash Installer MSI is signed by an Adobe certificate that expired in Dec 2012, but that seems to install just fine. Whats special about this one particular MSI where the others don't fail. Is something in the clientsetup routine telling it to strictly enforce signatures?
Edit: After some internet searching - it looks like the MSI may just be signed incorrectly. They would have had the option to sign the MSI for "eternity" if done correclty.