The update has been available for download voluntarily, for users to test the effects, since Patch Tuesday of August 2013.
Root certificates are one of the essential trusted elements in a system of digital certificates, such as those in Windows for TLS/SSL and code signing. If one trusts the software and the root certificates, then other certificates which are part of a chain of certificates ultimately signed by the root are demonstrably trustworthy as well. Thus the list of trusted root certificates is largely a list of signing certificates from certificate authorities (CAs).
One of the important technological building blocks of certificates, and of public key encryption generally, is the hash algorithm. The MD5 algorithm was cutting-edge in its day, but for many years it has been weakened to the point that nobody should be using it. Companies like Microsoft and Google have been nudging their users off of MD5 for some time and.
After applying Tuesday's updates, it is possible, but unlikely, that you will see certificate errors on HTTPS sites in Internet Explorer or Google Chrome (which uses the same Windows Crypto libraries). These errors should be reported to the site administrator.
Last summer Microsoft released a separate update for Windows which enabled this deprecation of old, weak cryptographic standards. This update is a prerequisite for the one to be released Tuesday, but if you have been good about applying past updates you should have the prerequisite installed and be ready.