Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Information Brief: Upcoming Microsoft Update Will Increase Minimum Certificate Key Length Requirement for Windows


( Microsoft Security Advisory 2661254, Microsoft Knowledge Base Article 2661254 )

Summary


Microsoft has released an update for Windows that changes the minimum acceptable key length for certificates used in Public Key Infrastructure (PKI) to 1024 bits. This update can be downloaded and evaluated now. It will be distributed to all supported versions of Windows via Microsoft Update on October 9, 2012.

Details

In its ongoing effort to maximize the security of the Windows environment, Microsoft is increasing the minimum RSA key length requirement of PKI authentication/encryption certificates to 1024 bits. One result that is perhaps obvious is that Internet Explorer will no longer authenticate secured sites whose authentication certificates employ key lengths less than 1024 bits. However, it has a number of other implications, which are discussed in detail in Microsoft Knowledge Base Article 2661254.

Affected Products


This change will affect all versions of Windows currently supported by Microsoft.

Recommendations


Check Point recommends that security administrators install the update on test machines now, and evaluate its potential effects on your organization's operations. In addition, any certificates that your organization "owns" should be regenerated to use key lengths of 2048 or even 4096 bits prior to October 9. 1024 bits is considered a minimum, and it would be prudent to go ahead and deploy certificates with very strong keys, maximizing their useful life.

 

Originally Published:

Last Updated: 11-Sep-2012

Legal Notice for Threat Center Advisories