[vermilingua]

Could someone clarify: does this allow the creation of fake certificates that are accepted as authentic by any crypto library?

Or rather, does it treat such faked certificates as authentic itself?

[gruez]

> Could someone clarify: does this allow the creation of fake certificates that are accepted as authentic by any crypto library?

No, only the Windows native one. For instance, Firefox (which uses NSS) would be safe.

[emayljames]

Although, if one point can be exploited to gain access to one area, then privilege escalate or exploit from that vantage point, then a lot is at stake.