It's a Superfish and eDellRoot déjà vu!
Microsoft has issued a
security advisory today warning that two applications accidentally installed two root certificates on users' computers, and then leaked the private keys for all.
The software developer's mistake means that malicious third-parties can extract the private keys from the two applications and use them to issue forged certificates to spoof legitimate websites and software publishers for years to come.
The two applications are
HeadSetup and HeadSetup Pro, both developed by German software developer Sennheiser. The software is used to set up and manage
softphones --software apps for making telephone calls via the Internet and a computer, without needing an actual physical telephone.