"Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers," said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday . "The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft."

Seven of the 531 fraudulent certificates were for Microsoft-related domains including update.microsoft.com and windowsupdate.com, while another six were for *.microsoft.com, and another 17 were for live.com, Microsoft's Windows Live social network and collaboration site.

Microsoft recommends that enterprise users not using Microsoft's automatic updating service immediately install the updates. This includes a rare update for Windows Server 2008 Server Core, which is also affected.

However, more industrywide action may be needed, and Microsoft says it "has been actively collaborating with certificate authorities, governments, and software vendors to help protect our mutual customers."

This is because "the most egregious certs issued were for *.*.com and *.*.org while certificates for Windows Update and certificates for other hosts are of limited harm by comparison," according to the TOR Project blog. "The attackers also issued certificates in the names of other certificate authorities such as 'VeriSign Root CA' and 'Thawte Root CA' as we witnessed with , although we cannot determine whether they succeeded in creating any intermediate CA certs."