Microsoft has issued a critical-rated security advisory for unauthorized Microsoft certificates, which affects all current Microsoft Windows products. An unauthorized Microsoft certificate can be used by attackers to carry out phishing attacks and spoof content. Microsoft has released an emergency patch for this threat and advises installing it immediately.
The advisory, issued via TechNet, gives little detail about the threat beyond stating that the update addresses the three certificates causing the problem: two from the Microsoft Enforced Licensing Intermediate PCA, and one from the Microsoft Enforced Licensing Registration Authority CA (SHA1). You can download the patch from here.
According to the official version:
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
- Microsoft Enforced Licensing Intermediate PCA (2 certificates)
- Microsoft Enforced Licensing Registration Authority CA (SHA1)
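
To confirm on a given machine that the revocation has taken effect, the following PowerShell check looks for the three certificates named above. It is an added example, not part of Microsoft's advisory; it assumes the update places the certificates in the machine's Untrusted Certificates store (`Cert:\LocalMachine\Disallowed`) and that the names quoted on this page appear in the certificate subject. The helper name `Get-CertsByName` is hypothetical.

```powershell
# Added example: verify that the intermediate CA certificates named in the
# advisory are distrusted on this machine. Names and counts come from the
# advisory text; the store locations are an assumption of this example.
$expected = [ordered]@{
    'Microsoft Enforced Licensing Intermediate PCA'          = 2
    'Microsoft Enforced Licensing Registration Authority CA' = 1
}

function Get-CertsByName {
    param([string]$StorePath, [string]$Name)
    # Match on the subject CN. The "(SHA1)" suffix in the advisory is treated
    # as a label and is not assumed to be part of the subject.
    Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*CN=$Name*" }
}

$results = foreach ($name in $expected.Keys) {
    # Certificates explicitly distrusted (Untrusted Certificates store)
    $untrusted    = @(Get-CertsByName -StorePath 'Cert:\LocalMachine\Disallowed' -Name $name)
    # Copies cached in the Intermediate Certification Authorities store
    $intermediate = @(Get-CertsByName -StorePath 'Cert:\LocalMachine\CA' -Name $name)

    # A cached intermediate whose thumbprint is not in Disallowed is still
    # usable for chain building and needs attention.
    $stillTrusted = @($intermediate |
        Where-Object { $untrusted.Thumbprint -notcontains $_.Thumbprint })

    [pscustomobject]@{
        Name              = $name
        ExpectedUntrusted = $expected[$name]
        FoundUntrusted    = $untrusted.Count
        NotYetDistrusted  = $stillTrusted.Count
        Status            = if ($untrusted.Count -ge $expected[$name] -and
                                $stillTrusted.Count -eq 0) { 'OK' } else { 'CHECK' }
    }
}

$results | Format-Table -AutoSize
```

A `CHECK` status means either the update has not been applied or a matching intermediate is cached without a corresponding entry in the untrusted store.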