The vulnerability is applicable in a corner case situation and can lead to man-in-the-middle (MiTM) attacks. IE 7,8,9,10 and 11 all allow for wildcard subdomains with EV Certificates, which should never be allowed. Neither Certificate Authorities nor web browsers should allow for such a flaw, but their compliance is questionable. The Certificate Authority infrastructure trust model continues to show major cracks as a flawed trust model. The vulnerability lays down groundwork for further discussion of the Internet of Things”]
Source: https://securelist.com/microsoft-updates-july-2014-etc/64578/