Hacker claims he can exploit Windows Update

The hacker who stole the digital certificates from a Dutch firm claims that he could use them to issue fake Microsoft Updates.
Comodohacker, who claims to be a 21-year-old Iranian, has taken credit for several attacks against certificate authorities, or CAs, the organizations and companies authorized to issue SSL (secure socket layer) certificates. In two of those attacks -- of Comodo in March and more recently of DigiNotar -- certificates were fraudulently generated.

Among the 531 certificates stolen in the hack of Dutch-based DigiNotar were several that could be used to impersonate Microsoft's update services.

Comodohacker said he could exploit those certificates.

"I'm able to issue Windows update[s]," Comodohacker claimed in one of several statements he has posted this week on Pastebin. "Microsoft's statement about Windows Update and that I can't issue such update is totally false!"
Last weekend, Microsoft said that the certificates stolen from DigiNotar weren't enough to deliver actual updates.
"Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers," said Jonathan Ness, principal development security lead with the Microsoft Security Response Center (MSRC), in a blog post last Sunday. "The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft." Ness also said that even if a hacker was equipped with a fake certificate, "Windows Update itself is not at risk."