
You don't need a preimage attack for SHA-1 to cause problems with CAs, just collisions. For example, MD5 does not have any preimage attacks I'm aware of, but it is possible to create rogue CA certificates that use MD5 [1]. Bruce Schneier estimates that we will see SHA-1 collisions relatively soon [2], so it's not like Microsoft is just making this stuff up.

I agree that CA compromise is a serious problem, but it's not one Microsoft can do something about. They can ban SHA-1 in certificates, and I think it's a good idea.

[1] http://www.phreedom.org/research/rogue-ca/

[2] https://www.schneier.com/blog/archives/2012/10/when_will_we_...


