Microsoft has been immediately notified of the matter and has moved to update its Certificate Trust list (CTL) and all its supported releases of Windows in order to remove the trust of that and two other certificates, as it appears that active attacks using the first certificates have been detected.
"TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com," they explained in a security advisory.
Users who don't have the automatic updater of revoked certificates enabled are advised to download and apply the latest system update, while Windows 8, Windows RT, Windows Server 2012, and Windows Phone 8 users needn't worry about that - their CTL will be updated automatically.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.