Η Microsoft he published a security advisory entitled "Inadequate digital certificates issued could allow forgery" or in English "Improperly Issued Digital Certificates Could Allow Spoofing". The company has chosen this way to announce the countermeasures they are taking for the circulation of fake domains from the certification authority of the National Information Center (NIC), a service of the Government of India.
For reasons still unexplained, the NIC department at California issued a number of its domains Google, which allow forgery and attacks Man-in-the-middle if a program trusts the certificates. Google explained that their own products do not trust the Certification Authority of India (CCA) auditor. Continuing, Google drops the ball on Microsoft stating that the Trusted Root Store includes CCA in the trusted certificates.
The Microsoft vendor reports that her service has trusted the certificates to date to update the Trusted Root Store list for all supported versions of Windows. Note that this means that users still using Windows XP are at risk.
The Microsoft bulletin lists the domains that were issued irregularly. There are 17 Google domains such as: google.com, m.gmail.com and gstatic.com and 27 Yahoo domains such as: mail.yahoo.com, profile.yahoo.com and me.yahoo.com. Finally, static.com, a cloud PaaS (Platform as a Service).
