Microsoft Releases Security Advisory on Fraudulent Digital Certificates

Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates issued by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects all supported releases of Microsoft Windows.

This update revokes the trust of the fraudulent certificates and places them in the Microsoft Untrusted Certificate Store.

US-CERT encourages users and administrators to review Microsoft Security Advisory 2798897 and follow best-practice security policies to determine if the update should be applied.