Microsoft released Security Advisory 2798897 to provide notification regarding a fraudulent digital certificate issued by TURKTRUST Inc.
TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was used to issue a fraudulent digital certificate to *.google.com.
Windows Vista and newer:
If your security updates are current, your computer is already protected by the update described in Microsoft Knowledge Base Article 2677070, released on June 12, 2012.
The update provides an automatic updater feature which includes a mechanism that allows Windows to specifically flag certificates as untrusted. With this feature, Windows checks daily for updated information about certificates that are no longer trustworthy. In the past, movement of certificates to the untrusted store required a manual update.
If you have not installed KB 2677070, it is strongly advised that you do so as soon as possible.
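One way to confirm on a Windows Vista or newer machine that the updater described above is installed and checking in, as an added example that is not from the advisory or from Microsoft. It assumes Windows PowerShell is available; the registry value read in step 2 and the 2-day staleness threshold are assumptions.

```powershell
# Added example (not Microsoft's code). Run in Windows PowerShell on the machine to check.
$kb       = 'KB2677070'                                        # update named in the text
$subjects = '*.EGO.GOV.TR', 'e-islem.kktcmerkezbankasi.org'    # CA names from the advisory

# 1. Is the updater hotfix recorded on this machine?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix) { "{0} installed on {1}" -f $kb, $hotfix.InstalledOn }
else         { "$kb not listed by Get-HotFix" }

# 2. When did the updater last fetch the untrusted-certificate list?
# Assumption: the sync time is stored as an 8-byte FILETIME in this registry value.
$key  = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'
$sync = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisallowedCertLastSyncTime
if ($sync -and $sync.Length -ge 8) {
    $last = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64([byte[]]$sync, 0))
    $age  = (Get-Date).ToUniversalTime() - $last
    "Untrusted list last synced {0:u} ({1:N1} days ago)" -f $last, $age.TotalDays
    # Assumption: more than 2 days without a sync means the daily check is not running.
    if ($age.TotalDays -gt 2) { "WARNING: the daily check appears to be stale" }
} else {
    "No sync time recorded: the automatic updater has not run or is not present"
}

# 3. Look in the machine's Untrusted Certificates store for the names above.
# Plain substring match, because '*' in '*.EGO.GOV.TR' is literal text, not a wildcard.
# Assumption: entries delivered only inside the downloaded list may not appear here
# as individual certificates, so an empty result is not proof of exposure.
$found = foreach ($cert in Get-ChildItem Cert:\LocalMachine\Disallowed) {
    foreach ($name in $subjects) {
        if ($cert.Subject.IndexOf($name, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $cert }
    }
}
if ($found) { $found | Format-List Subject, Issuer, Thumbprint, NotAfter }
else        { "No certificate with those subject names in Cert:\LocalMachine\Disallowed" }
```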
Windows XP and Windows Server 2003:
Because the automatic updater feature is not applicable to Windows XP and Windows Server 2003, it is necessary for users of these systems to manually check for updates.
- MSRC: Security Advisory 2798897 released, Certificate Trust List updated
- TechNet Advisory: Microsoft Security Advisory (2798897) Fraudulent Digital Certificates Could Allow Spoofing
- KB 2677070: An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2