Microsoft Security Advisory 3050995
Improperly Issued Digital Certificates Could Allow Spoofing. Microsoft is aware of digital certificates that were improperly issued from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.
To help protect customers from the potentially fraudulent use of these improperly issued certificates, Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate.
The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA.
Microsoft is working on an update for Windows Server 2003 customers and will release it once fully tested. For more information about these certificates, see the Frequently Asked Questions section of this advisory.
