Η Microsoft he published a security advisory entitled "Improperly Issued Digital Certificates Could Allow Forgery" or in English "Improperly Issued" Digital Certificates Could Allow Spoofing”. The company chose this way to announce the countermeasures they are taking for the circulation of fakes domains από την αρχή έκδοσης πιστοποιητικών του Εθνικού Κέντρου Πληροφορικής (NIC), μια υπηρεσία της κυβέρνησης της Ινδίας.
For reasons still unexplained, the California division of the NIC has issued a series of Google domains that allow for spoofing and attacks man-in-the-middle if a program trusts certificates. Google explained that their own products do not trust the Certification Authority of India (CCA) auditor. Continuing, Google drops the ball on Microsoft stating that the Trusted Root Store includes CCA in the trusted certificates.
Microsoft's bulletin states that indeed its service trusted the certificates until today when it updated the Trusted Root Store list for all supported versions of Windows. Note that this means users still using Windows XP are at risk.
The Microsoft bulletin lists the domains that were issued irregularly. There are 17 Google domains such as: google.com, m.gmail.com and gstatic.com and 27 Yahoo domains such as: mail.yahoo.com, profile.yahoo.com and me.yahoo.com. Finally, static.com, a cloud PaaS (Platform as a Service).
