MS ups the ante on Security Certificates in October

About a week ago (yes, I’m catching up on slightly older news), Microsoft published a Support article aimed at IT professionals (and Sys Admins in particular) about an upcoming update.

If you’re managing a secure site (or any resource protected with RSA Certificates), you may want to read through it, since it announces that an update available for all supported versions of Windows (KB 2661254) blocks RSA certificates with keys shorter than 1,024 bits. The same minimum-length constraints is already in place in Windows 8 (and Windows 2012).

Among other things, this means that IE won’t be able to access sites and resources protected by certificates with a shorter key, Outlook might not be able to encrypt or digitally sign emails, or communicate with Exchange Servers. (you may get a few calls if you’re not prepared and your end-users get rejected).

In addition, as reported by InformationWeek, this patch will be released as an automatic Windows update on October 9th, 2012.

So, well… check your keys and re-issue as needed.

Keys Icon from Wikimedia Commons Crystal Project.


Tags: , , ,

About FR

Software Craftsman

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s