Question from JC_IT:
Microsoft Root Authority Certificate revoked

I have a Win10 (x86) 1803 PC that has the Microsoft Root Authority Certificate revoked. Any ideas on how to un-revoke or repair that?
btan:

Supposedly Windows Update would update the list of root certs.
As part of the Microsoft Trusted Root Certificate Program, MSFT maintains and publishes the list of certificates for Windows clients and devices. If the verified certificate in the certification chain refers to a root CA that participates in this program, the system will automatically download this root certificate from Windows Update and add it to the trusted store.
See "How to Get Root Certificates from Windows Update Using Certutil":

http://woshub.com/updating-trusted-root-certificates-in-windows-10/

Another way is to get the list of certificates from the Microsoft website. To do it, download the file http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab (updated twice a month).
Using any decompression program (or Windows Explorer), unpack authrootstl.cab. It contains one file, authroot.stl. The latter is a container for the list of trusted certificates in Certificate Trust List format. You can install this file in the system using the context menu of the STL file (Install CTL) or using certutil: [certutil -addstore -f root authroot.stl]

In the same way, you can download and install the list of the revoked certificates that have been removed from the Root Certificate Program. To do it, download disallowedcertstl.cab (http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab), unpack it and add it to the Untrusted Certificates section using this command: [certutil -addstore -f disallowed disallowedcert.stl]
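The two downloads and certutil imports described in the answer above, put together as one script. This is an added example, not part of btan's reply or of the woshub article; it assumes an elevated PowerShell session on Windows 10, that expand.exe is on the PATH (it ships with Windows), and uses the same URLs, file names and store names the answer gives.

```powershell
# Added example: refresh both the trusted and the disallowed CTLs and import them with certutil.
# Assumption: run from an elevated PowerShell prompt; expand.exe and certutil.exe are the built-in tools.
$work = Join-Path $env:TEMP 'ctl-refresh'
New-Item -ItemType Directory -Path $work -Force | Out-Null

$base = 'http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en'
$ctls = @(
    @{ Cab = 'authrootstl.cab';       Stl = 'authroot.stl';       Store = 'root' },
    @{ Cab = 'disallowedcertstl.cab'; Stl = 'disallowedcert.stl'; Store = 'disallowed' }
)

foreach ($c in $ctls) {
    $cabPath = Join-Path $work $c.Cab
    Invoke-WebRequest -Uri "$base/$($c.Cab)" -OutFile $cabPath -UseBasicParsing

    # expand.exe unpacks the .cab; -F:* extracts every file it contains into $work
    & expand.exe $cabPath -F:* $work | Out-Null
    $stlPath = Join-Path $work $c.Stl
    if (-not (Test-Path $stlPath)) {
        throw "Expected $($c.Stl) inside $($c.Cab) but did not find it"
    }

    # Same command the answer gives: force-add the CTL to the named machine store
    & certutil.exe -addstore -f $c.Store $stlPath
    if ($LASTEXITCODE -ne 0) {
        throw "certutil failed importing $($c.Stl) into the '$($c.Store)' store"
    }
}
```

Both CTLs are imported on purpose: the disallowed list is what removes trust, so if it is stale a certificate can show as distrusted (or trusted) for reasons that no longer match what Microsoft currently publishes. Checking $LASTEXITCODE after certutil is what tells you the import actually succeeded rather than silently failing for lack of elevation.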
JC_IT (asker):
I previously did the root cert update "certutil -addstore -f root authroot.stl" but not the revoked certs.

I tried updating both again. I tried Windows Updates. That certificate is still listed as revoked.

I am leery of deleting that certificate and hoping it will be replaced.
Probably that is one means, and you should check for any Event Viewer errors, as this symptom may be signifying other matters.

Root certificates are updated on Windows automatically. When a system encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate.

If it finds it, it downloads it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

This all works well unless a server has been configured with Group Policy: Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update as Enabled.
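Before deleting the certificate, it helps to know whether the policy above is in effect and whether the "revoked" status comes from a copy of the same certificate sitting in the Disallowed store. The following diagnostic is an added example, not part of btan's reply; it assumes an elevated PowerShell session on Windows 10 (the built-in PKI module provides Test-Certificate), that the policy from the Group Policy path above is stored under HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot as the DWORD DisableRootAutoUpdate, and that the certificate's subject contains "Microsoft Root Authority" as shown in certmgr.msc (adjust $subjectPattern if it differs).

```powershell
# Added diagnostic: is root auto-update disabled by policy, and is the root also present in Disallowed?
# Assumption: elevated session; registry location of the policy as named in the lead-in.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRootAutoUpdate -eq 1) {
    Write-Warning 'Turn off Automatic Root Certificate Update is Enabled; Windows will not fetch roots automatically.'
} else {
    Write-Host 'Automatic Root Certificate Update is not disabled by policy.'
}

# Assumption: match the root by subject name rather than a hard-coded thumbprint
$subjectPattern = 'Microsoft Root Authority'
$roots = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*$subjectPattern*" }
if (-not $roots) {
    Write-Warning "No certificate matching '$subjectPattern' in LocalMachine\Root"
    return
}

# The Disallowed store in either hive will override trust for a matching certificate
$disallowed = Get-ChildItem Cert:\LocalMachine\Disallowed, Cert:\CurrentUser\Disallowed

foreach ($r in $roots) {
    $blocked = $disallowed | Where-Object { $_.Thumbprint -eq $r.Thumbprint }
    # Test-Certificate builds the chain; it returns $false (and writes an error we suppress) when trust fails
    $chainOk = Test-Certificate -Cert $r -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Subject           = $r.Subject
        Thumbprint        = $r.Thumbprint
        NotAfter          = $r.NotAfter
        InDisallowedStore = [bool]$blocked
        ChainValid        = [bool]$chainOk
    }
}
```

If InDisallowedStore is True, the distrust is intentional on Microsoft's side (the certificate is on the published disallowed list) and deleting it from Root will not restore it. If it is False and ChainValid is still False, look at NotAfter and at the Event Viewer entries btan mentions (CAPI2 logging under Applications and Services Logs) before removing anything.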