New Software Update to Windows Restricts Use of Certificates with RSA Keys Less Than 1024 bits in Length
On Tuesday, Microsoft announced the availability of an update to Windows that restricts the use of any certificates with RSA keys less than 1024 bits in length.

The reason, Microsoft explains, is that the private keys of weak certificates with keys less than 1024 bits in length can be derived with few resources in a rather short amount of time, which could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. (For the technically curious, you can read about MD5 collision attacks here and here.)

Additionally, in the advisory, Microsoft said it would release the update through Microsoft Update in October 2012 “after customers have a chance to assess the impact of this update and take necessary actions to use certificates with RSA keys greater than or equal to 1024 bits in length in their enterprise.”

To that end, Microsoft suggests that customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update across their enterprise. The reason is that there are several known issues associated with the update that could disrupt operations.
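
One way to start the impact assessment described above is to inventory the certificates in a machine's local stores and flag any RSA key below 1024 bits. This is an added example, not code from Microsoft or the advisory; it assumes PowerShell on Windows with the built-in Cert: provider, and the variable names are this example's own.

```powershell
# Added example: read-only inventory of certificates whose RSA public key is
# shorter than the 1024-bit minimum named in the advisory.
$MinBits = 1024
$RsaOid  = '1.2.840.113549.1.1.1'   # OID for rsaEncryption

$findings = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    # The Cert: drive also returns store and location objects; keep certificates only.
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    # Only RSA keys are in scope for this update.
    Where-Object { $_.PublicKey.Oid.Value -eq $RsaOid } |
    ForEach-Object {
        $cert = $_
        try {
            $bits = $cert.PublicKey.Key.KeySize
        } catch {
            $bits = $null   # key could not be decoded; report it for manual review
        }

        if ($null -eq $bits -or $bits -lt $MinBits) {
            [pscustomobject]@{
                # PSParentPath looks like "...Certificate::LocalMachine\Root"
                Store      = ($cert.PSParentPath -split '::', 2)[-1]
                KeySize    = if ($null -eq $bits) { 'unknown' } else { $bits }
                NotAfter   = $cert.NotAfter
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
            }
        }
    }

# Summary first, then the detail rows grouped by store.
"{0} certificate(s) with an RSA key below {1} bits or an unreadable key" -f @($findings).Count, $MinBits
$findings | Sort-Object Store, NotAfter | Format-Table -AutoSize -Wrap
```

The inventory covers only the certificate stores of the machine and user it runs under. Certificates presented by remote servers, or embedded in signed files and e-mail, are not in those stores and need to be checked separately.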
Source: www.securityweek.com/