Security Update: Microsoft to Restrict 1024 bit Certificates
Date and Time
To reduce the risk of unauthorized exposure of sensitive information, Microsoft will release a Window’s update in October 2012 that restricts the use of certificates that are less than 1024 bits in length.
Some issues after applying this update may include:
- Error messages when browsing to web sites that have SSL certificates with keys that are less than 1024 bits
- Creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
- Installing Active X controls that were signed with less than 1024 bit signatures
- Installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to January 1, 2010, which will not be blocked by default).
Advanced Users: For a complete description of the security enhancements and affected software refer to Microsoft Security Advisory: Update for minimum certificate key length.
- Windows XP
- Windows XP Professional
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
This does not affect InCommon and Entrust SSLs, which have been 2048 bits in length for a few years.
WHAT'S THE PROBLEM?
The private keys used in certificates that are less than 1024 bits in length can be copied and could allow an attacker to replicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
HOW DO I PROTECT MY COMPUTER?
- General Computer Users
If you have a computer support coordinator (CSC), no action on your part is required.
- Microsoft System and Desktop Administrators
System administrators of Microsoft Windows platforms should assess the impact of this update on their environment before any wide-scale deployment.
System administrators can obtain the update now from Microsoft's Download Center.