Microsost has released an emergency Windows Update which flags 45 Google and Yahoo SSL certificate as untrusted.
“These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Web properties,” a Microsoft advisory warned. “The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.”
Windows 8 machines have been automatically patched by Microsoft. Windows 7 machines were automatically updated if the automatic updater for the Windows Certificate Trust list is installed. If your organization is on one of SkyCamp Tech’s managed plans, we have already taken the necessary steps to patch your computers with the update provided by Microsoft; there is no action you need to take at this time. If you have any questions, or need any assistance patching your machine manually, feel free to open a ticket and one of our support reps will follow up with you.
You can read more about the threat at Ars Technica.