Microsoft certification authority signing certificates added to the Untrusted Certificate Store
Connection to Flame malware
Components of the Flame malware were signed with a certificate that chained up to the
Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately,
to the Microsoft Root Authority. This code-signing certificate came by way of the
Terminal Server Licensing Service that we operate to issue certificates to customers
for ancillary PKI-based functions in their enterprise. Such a certificate could
(without this update being applied) also allow attackers to sign code that validates
as having been produced by Microsoft.
We recommend that all customers apply this update.
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
Flame Malware Uses Forged Microsoft Certificate to Validate Components