Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties.
With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server 2003, please see the Security Advisory 2982792 for recommended actions. Additionally, the Enhanced Mitigation Experience Toolkit (EMET) 4.1, and newer versions, help to mitigate man-in-the-middle attacks by detecting untrusted or improperly issued SSL certificates through the Certificate Trust feature.
For more information, please see Microsoft Security Advisory 2982792.
Thank you,
Dustin Childs
Group Manager, Response Communications