Please be aware that there is a pending change for the minimum key length for certificates with RSA keys. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
The update is available on the Download Center as well as the Microsoft Update Catalog for all supported releases of Microsoft Windows. In addition, Microsoft is planning to release this update through Microsoft Update in October, 2012 after customers have a chance to assess the impact of this update and take necessary actions to use certificates with RSA keys greater than or equal to 1024 bits in length in their enterprise.
Recommendation: Microsoft recommends that customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update to their enterprise. Please see the Suggested Actions section of in the advisory for more information.
This update will impact HTTPS web services which have a RSA key length of less than 1024 bits. Examples will include Outlook, Exchange web services and web browsers. This article discusses the impact of KB2661254 to Internet Explorer.
Known issues with this security update, after the update is applied:
There are four main methods for discovering if RSA certificates with keys less than 1024 bits are in use:
To quickly check a single certificate the Public Key attribute can be inspected using the Certificates MMC snap-in as shown below. If you need steps to open the Certificates MMC please read this.
This certificate is OK as it has a 2048 bit key.
For more details on the additional methods to check and information on resolutions please read the full Security Advisory for this update.
If you would like to have Microsoft Premier Field Engineering (PFE) visit your company and assist with the topic(s) presented in this blog post, then please contact your Microsoft Premier Technical Account Manager (TAM) for more information on scheduling and our varied offerings!
If you are not currently benefiting from Microsoft Premier support and you’d like more information about Premier, please email the appropriate contact below, and tell them you how you got introduced!
For all other areas please use the US contact point.
Maybe you should tell, where exactly will be changes in the title already.
Hi Livio - can you clarify the above please? I'm not sure exactly what you want.
I can guess, but dont want to do that.