Η Microsoft he published a security advisory entitled "Improperly Issued Digital Certificates Could Allow Forgery" or in English "Improperly Issued" Digital Certificates Could Allow Spoofing”. Η εταιρεία επέλεξε αυτό τον τρόπο για να ανακοινώσει τα αντίμετρα που παίρνουν για την κυκλοφορία ψεύτικων domains από την αρχή έκδοσης πιστοποιητικών του Εθνικού Κέντρου Πληροφορικής (NIC), μια υπηρεσία της κυβέρνησης της Indias.
For unexplained reasons, the NIC in California has released a number of Google domains that allow for forgery and man-in-the-middle attacks if a program trusts the certificates. Google explained that their own products do not trust the Indian Certification Authority (CCA) auditor. Continuing with Google, it drops the ball to Microsoft, indicating that the Trusted Root Store includes CCA on trusted certificates.
Microsoft's bulletin states that indeed its service trusted the certificates until today when it updated the Trusted Root Store list for all supported versions of Windows. Note that this means that users are still using Windows XP are at risk.
The Microsoft Bulletin lists the domains that were issued illegally. There are Google's 17 domains such as: google.com, m.gmail.com and gstatic.com and 27 domains such as Yahoo!, Yahoo!, Yahoo! and Yahoo!. Finally, fake domain is also static.com, a PaaS cloud (Platform as a Service).
