So, each recipient of a signed message decides if the issuer of the signer's certificate is trustworthy. Crypto API has implemented a methodology to allow application developers to create applications that automatically verify certificates against a predefined list of trusted certificates or roots. Cryptography is the science of securing information by converting it between its normal, readable state (called plaintext) and one in which the data is obscured (known as ciphertext). In all forms of cryptography, a value known as a key is used in conjunction with a procedure called a crypto algorithm to transform plaintext data into ciphertext. This list of trusted entities (called subjects) is called a certificate trust list (CTL).
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2, and that do not have the automatic updater of revoked certificates installed, this update is not available. The other key, known as the public key, is intended to be shared with the world. However, there must be a way for the owner of the key to tell the world who the key belongs to. A digital certificate is a tamperproof piece of data that packages a public key together with information about it (who owns it, what it can be used for, when it expires, and so forth). Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally you won’t have to think about certificates at all. You might, however, see a message telling you that a certificate is expired or invalid. In the most familiar type of cryptography, secret-key cryptography, the ciphertext is transformed back into plaintext using the same key. However, in a second type of cryptography, public-key cryptography, a different key is used to transform the ciphertext back into plaintext. In public-key cryptography, one of the keys, known as the private key, must be kept secret. To receive this update, customers must install the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details). Customers in disconnected environments who are running Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 can install update 2813430 to receive this update (see Microsoft Knowledge Base Article 2813430 for details). For more information, see the Suggested Actions section of this advisory.
The purpose of this advisory is to notify customers that National Informatics Centre (NIC) improperly issued SSL certificates for multiple sites including Google web properties. The subordinate CA may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks. A subordinate CA certificate was improperly issued by the National Informatics Centre (NIC), subordinated to the Government of India CA, which is a CA present in the Trusted Root Certification Authorities Store.