Today we’re releasing Security Advisory 2607712, to address at least one fraudulent digital certificate issued by DigiNotar, a root certificate authority. DigiNotar has since revoked the digital certificate. This is not a Microsoft security vulnerability; however, the certificate potentially affects Internet users attempting to access websites belonging to Google. A fraudulent certificate may be used to spoof Web content, perform phishing attacks or perform man-in-the-middle attacks against end users.
We continue to work with the certificate authority to understand the scope of this issue, and have taken steps to further help protect customers by removing the DigiNotar root certificate from the list of trusted root certificates on Windows. Web sites with certificates issued by DigiNotar will no longer be trusted by Windows Vista and above. This protection is automatic and no customer action is required.
