Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.
Compatibility Issues Affecting Signed Microsoft Binaries
Published: Tuesday, October 09, 2012 | Updated: Tuesday, October 09, 2012
Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This could cause compatibility issues between affected binaries and Microsoft Windows. While this is not a security issue, because the digital signature on files produced and signed by Microsoft will expire prematurely, this issue could adversely impact the ability to properly install and uninstall affected Microsoft components and security updates.
As a pre-emptive action to assist customers, Microsoft is providing a non-security update for supported releases of Microsoft Windows. This update helps to ensure compatibility between Microsoft Windows and affected software binaries. For more information about the update, please see Microsoft Knowledge Base Article 2749655.
In addition, Microsoft is providing updates as they become available for products affected by this issue. These updates may be provided as part of rereleased updates, or included in other software updates, depending on customer needs.