"we refined our attack in 2008 and used it to construct a rogue Certification Authority, thereby demonstrating a serious vulnerability in internet security. Our demonstration convinced Microsoft and various governments to raise the security standards for Certification Authorities, by disallowing the use of MD5-based signatures effective 15 January 2009 [6]."
http://www.cwi.nl/news/2012/cwi-cryptanalist-discovers-new-cryptographi…
6. "Microsoft Root Certificate Program", Microsoft.
http://technet.microsoft.com/en-us/library/cc751157.aspx.
January 2009.