Microsoft: Stolen SSL certs can't be used to install malware via Windows Update

05.09.2011

Windows Update packages are signed with Microsoft's own code-signing certificate, which is separate from the SSL certificates that a public certificate authority issues for Microsoft's web sites, and Windows checks that signature on each package rather than trusting the encrypted connection it arrived over. Without that code-signing certificate, attempts to deliver malware disguised as an update to a Windows PC would fail.

Other vendors, including Apple, also sign software updates with a separate certificate.
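The distinction the two paragraphs above rely on is visible in the certificate itself: every X.509 certificate can carry an Extended Key Usage (EKU) extension that states what it may be used for, and an update installer must check that extension and not merely that the signature verifies. The script below is an added example, not code from this article, from Microsoft or from any vendor named here. It assumes the openssl command-line tool (1.1.1 or later) and mints two self-signed test certificates, one restricted to serverAuth like a web-server SSL certificate and one with codeSigning, signs a constructed dummy update with each, and shows that the server certificate's signature is cryptographically valid yet rejected by a verifier that enforces the code-signing purpose. The certificate names, subjects, file names and helper functions are all hypothetical.

```shell
#!/bin/sh
# Added example (not from the article or Microsoft): a TLS server certificate
# cannot stand in for a code-signing certificate because a verifier that
# honours Extended Key Usage (EKU) refuses it, even though the RSA signature
# it produces is mathematically valid. Assumes the openssl CLI (1.1.1+).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME EKU: self-signed test certificate and key in $WORK carrying
# the given EKU. Names and subjects are hypothetical.
make_cert() {
    cat > "$WORK/$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $1.example.test
[ext]
extendedKeyUsage = $2
EOF
    openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$WORK/$1.key" -config "$WORK/$1.cnf" \
        -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

# sign_file KEY FILE SIG: detached RSA/SHA-256 signature, the kind an
# installer receives alongside an update package.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# sig_valid CERT SIG FILE: succeeds if SIG over FILE verifies under CERT's
# public key. This is the only check a naive verifier makes.
sig_valid() {
    openssl x509 -in "$1" -pubkey -noout > "$WORK/pub.pem"
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$2" "$3" >/dev/null 2>&1
}

# eku_allows_codesign CERT: succeeds if CERT's EKU extension lists Code Signing.
eku_allows_codesign() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Extended Key Usage' | grep -q 'Code Signing'
}

# accept_update CERT SIG FILE: the check an update installer must make,
# signature validity AND the certificate's permitted purpose.
accept_update() {
    sig_valid "$1" "$2" "$3" && eku_allows_codesign "$1"
}

# Build a constructed dummy update and sign it with both kinds of certificate.
run_demo() {
    printf 'constructed dummy update payload\n' > "$WORK/update.bin"
    make_cert tls serverAuth          # what a CA issues for a web server
    make_cert codesign codeSigning    # what a software publisher signs with
    sign_file "$WORK/tls.key" "$WORK/update.bin" "$WORK/update.tls.sig"
    sign_file "$WORK/codesign.key" "$WORK/update.bin" "$WORK/update.codesign.sig"
}

# report NAME: print the verdict for the signature made with NAME's key.
report() {
    if sig_valid "$WORK/$1.crt" "$WORK/update.$1.sig" "$WORK/update.bin"; then
        printf '%-9s signature valid;   ' "$1"
    else
        printf '%-9s signature INVALID; ' "$1"
    fi
    if accept_update "$WORK/$1.crt" "$WORK/update.$1.sig" "$WORK/update.bin"; then
        echo "update ACCEPTED (EKU permits code signing)"
    else
        echo "update REJECTED (EKU does not permit code signing)"
    fi
}

run_demo
report tls
report codesign
```

The tls line reports a valid signature and a rejected update; the codesign line reports a valid signature and an accepted one. A real installer does more than this: it also builds the chain to a trusted root, checks revocation, and in Windows' case requires the signer to be Microsoft rather than any code-signing certificate, so a fraudulent certificate from a public CA fails on those grounds as well. The purpose check is isolated here because it is the one the article's claim turns on.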

The certificates for the various Microsoft domains were fraudulently issued by DigiNotar, a Dutch company that last week admitted its network had been compromised.

The company initially believed it had revoked all the fraudulent certificates, but later realized it had overlooked one that could be used to impersonate any Google service, including Gmail. DigiNotar went public only after users reported their findings to Google.

Criminals or governments could use the fraudulently issued certificates to conduct "man-in-the-middle" attacks: an attacker who can also redirect a victim's traffic, for instance by tampering with DNS or by controlling the network the victim is connected to, presents the rogue certificate, and the browser treats the connection as legitimate while the communications are being secretly intercepted. The certificate alone does not give the attacker that position on the network; it only lets an attacker who already has it pass the browser's checks.