A way to update 2008 R2 to recognize newer certificates?

[Tripredacus]

It appears there is a limitation regarding signed drivers where DISM won't be able to interpret the certificate depending on what OS you are running it on.

http://technet.microsoft.com/en-us/library/hh825070.aspx

To add drivers to a Windows® 8 image offline, you must use a technician computer running Windows 8, Windows Server® 2012, or Windows® Preinstallation Environment (Windows PE) 4.0. Driver signature verification may fail when you add a driver to a Windows 8 image offline from a technician computer running any other operating system.

It isn't 100% true, as I've been adding drivers (boot-critical or otherwise) to Windows 8, 8.1, 2012/R2 images from Server 2008 R2 with the Windows 8.1 ADK installed. There hasn't been a problem until just now. I have found a driver from LSI that will not inject with DISM into a WinPE 4 image, but it DOES work if I do it from Server 2012.

The error on Server 2008 R2 is:

Driver Error - The driver package contains x64 boot-critical drivers, but the drivers are not properly signed.

Error 50

I have verified the signature with SignTool, and even the server itself (via Explorer) shows the certificate is OK.

Is there an update available for Server 2008 R2 that will allow for the correct identication of certificates on driver injections? Using /forceunsigned is not an option.