Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Windows XP is not supported.
The advisory states “The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store.”
Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove trust in the certificates that are causing this issue. Windows 8 and higher, Windows RT 8, Windows 2012 and 2012 R2 include an automatic updater of revoked certificates, so no user action is required on those systems.
Other users of supported Windows systems may be using a version of the automated updater of revoked certificates and will not need to take action. Users who are not using the automated updater must install it to revoke the certificates. No update is available for customers running Windows Server 2003.