Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack.
The following certificates have been revoked by this update:
- Microsoft Enforced Licensing Intermediate PCA (2 certificates)
- Microsoft Enforced Licensing Registration Authority CA (SHA1)
US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risk.
Update: For more information, please see US-CERT Technical Alert TA12-156A.