[semenko]

F-Secure claims that this /would/ allow forgery of Windows Updates (!!): http://www.f-secure.com/weblog/archives/00002377.html

"...Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update system..."

[marshray]

Yep. It appears that, in fact, windows update has been pwned by these certs.

More info. https://www.securelist.com/en/blog/208193558/Gadget_in_the_m...