Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500.

This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store.

This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Leave a Reply