People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties.

A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India's Controller of Certifying Authorities (CCA). The CCA, in turn, is trusted by the Microsoft Root Store, a library that IE and many other Windows apps rely on to process the TLS certificates that banks, e-mail providers, and other online services use to encrypt traffic and prove their authenticity. (Firefox, Thunderbird, and Chrome on Windows aren't at risk. More about that later in this post.)

Unknown scope

In an update posted Wednesday, Langley said the CCA confirmed that the bogus certificates were the result of a compromise of NIC's certificate issuance process. The CCA reportedly said only four certificates were compromised. In a sign the CCA's findings aren't reliable, or at least are only tentative, Langley went on to say Google researchers are aware of still more counterfeit credentials stemming from the NIC breach.

"The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains," he wrote Wednesday. "However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown."

House of cards

The CCA has already revoked all certificates held by intermediate authority NIC. The revocation in theory means Windows users who encounter one of the fraudulently issued TLS certificates will be alerted through mechanisms including the certificate revocation list and online certificate status protocol , which are supposed to flag revoked credentials before they're trusted by a browser or other app. In practice, and as Ars reported following the catastrophic Heartbleed vulnerability , the real-time revocation checks are trivial for attackers to bypass.

The result is that IE and other apps that rely on Windows to know which certificates to trust have no reliable way of detecting the bogus credentials at the moment. Worse still, at this early stage in the investigation, there's no way of knowing just how many certificates were fraudulently issued. Based on Langley's account, there are at least five impostors (the four confirmed by CCA and at least one other not included in that list seen by Google), but it's hard to imagine attackers with the control over a Windows-trusted authority would stop at just a handful. Absent some technical constraint, there's every reason the attackers minted hundreds, thousands, or even more of the fake IDs.

It was precisely this scenario following the 2011 compromise of DigiNotar that prompted Microsoft to hardwire the revocation of the Dutch certificate authority directly into Windows. By the time Microsoft and other software makers responded, more than 300,000 Internet users, mostly located in and around Iran, were exposed to the certificates when accessing Google mail. Asked Wednesday afternoon if Microsoft planned to follow a similar path this time, company officials issued the following statement:

"We are aware of the mis-issued third-party certificates and we have not detected any of the certificates being issued against Microsoft domains. We are taking the necessary precautions to help ensure that our customers remain protected."

Fortunately, Windows appears to be the only operating system that will trust the fraudulent certificates, meaning apps running on Mac OS X, Linux, and other platforms aren't at risk. And even on Windows, the Firefox browser and the Thunderbird e-mail client were never affected because they rely on a root store that's independent of the Microsoft OS. In recent days, Google updated a revocation list built into Chrome to prevent Windows users from falling prey to the individual certificates it discovered, and even before that, a mechanism known as certificate pinning prevented Chrome from trusting any certificates impersonating a Google property. Langley said Wednesday that in light of the latest revelations, Chrome will be updated again, this time to limit CCA-based certificates falling inside the .in top-level domain for India.

Matters for Microsoft may be considerably more difficult. The CCA issues huge numbers of legitimate certificates. Revoking the entire root certificate in Windows comes at the risk of breaking large parts of the Internet. Unless Microsoft engineers have the granular control Google has to permit and block specific subdomains included in a given root certificate, they may be forced to revoke individual certificates. That's easy enough to do when there are only a handful of fake IDs, but if over the coming weeks or months the number stemming from the NIC compromise continues to grow, that approach could become unwieldy. (This latest episode only underscores an argument I've made for three years, that the current TLS system is hopelessly broken , a sentiment that seems to resonate with experts .)

It wouldn't be surprising if Microsoft issued a detailed advisory in the next day or two concerning this latest certificate authority breach. Until there are assurances from Microsoft, Windows users should access TLS-protected domains using an app known to be immune to this latest round of counterfeit certificates.