This morning, the Microsoft Security Response Center published its monthly security bulletins. One thing you should do, if you haven't already, is evaluate your environments for dependencies on certificates with RSA key length less than 1024 bits. In October, the bar gets raised on certificate requirements in an effort to help create a safer, more trusted Internet for everyone.

You can read all the details of the new requirements in this advisory, published back on August 14, 2012: Microsoft Security Advisory (2661254), Update For Minimum Certificate Key Length.

It's important to evaluate environments and reissue certificates where existing ones no longer meet the new minimum certificate requirements. Otherwise, you might encounter known issues that could impact email (S/MIME), Web (HTTPS), as well as signed ActiveX controls and applications. To help with the transition, I strongly recommend evaluating your environments with the update provided in Security Advisory (2661254). Should you experience challenges with the update, Knowledge Base article 2661254 has been created with resolutions for known issues. I also recommend reading the Windows PKI blog post on these changes, located here: http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx.
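
One way to inventory the local Windows certificate stores for RSA keys under 1024 bits, as an added example that is not part of the advisory or the update it describes. The function name `Find-WeakRsaCertificate` and its parameters are hypothetical, and the script assumes .NET Framework 4.6 or later for `GetRSAPublicKey`.

```powershell
# Added example: list certificates in the local stores whose RSA public key
# is shorter than the minimum. Function and parameter names are hypothetical.
function Find-WeakRsaCertificate {
    [CmdletBinding()]
    param(
        [string]$StorePath = 'Cert:\',   # root of the certificate provider
        [int]$MinimumBits = 1024         # keys under this length are reported
    )

    $rsaOid = '1.2.840.113549.1.1.1'     # rsaEncryption public key algorithm OID
    $ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            # Skip ECC/DSA certificates; the requirement concerns RSA keys.
            if ($cert.PublicKey.Oid.Value -ne $rsaOid) { return }
            try {
                $bits = $ext::GetRSAPublicKey($cert).KeySize
            } catch {
                Write-Warning "Could not read key for $($cert.Thumbprint): $_"
                return
            }
            if ($bits -lt $MinimumBits) {
                [pscustomobject]@{
                    Store         = ($cert.PSParentPath -split '::')[-1]
                    Subject       = $cert.Subject
                    Issuer        = $cert.Issuer
                    KeyBits       = $bits
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey
                    Thumbprint    = $cert.Thumbprint
                }
            }
        }
}

# Report every affected certificate, ordered by store and then by expiry date.
Find-WeakRsaCertificate |
    Sort-Object Store, NotAfter |
    Format-Table Store, KeyBits, NotAfter, HasPrivateKey, Subject -AutoSize
```

Entries with `HasPrivateKey` set are certificates this machine holds the key for, which makes them the candidates for reissue. The scan covers only the local stores of the machine and user it runs as, so other hosts and service accounts need the same check.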

Tim Rains
Director
Trustworthy Computing