When A Certificate Authority Is Too Big To Fail

Certificate authorities (CAs) have a crucial role in the chain of trust that binds the computing world together right now. So when it turns out that a rather large company (Symantec) has been issuing dodgy certificates for many years, the ramifications run uncomfortably wide. Google has been gradually winding down its trust of Symantec-issued certificates over a multiyear period, because blocking them all at once would just be too painful for its users. It turns out some of these CAs are also used for signing applications for Windows. Microsoft finally got around to blocking the Symantec one within the last few days, only to abruptly reverse course and trust it again, because it caused serious trouble for too many Windows systems <https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/>. The applications concerned should have been updated to not depend on such a worthless CA. But it seems ensuring Windows users update all their relevant apps can be a mountain just too high to climb.
Participants: Lawrence D'Oliveiro