From: "Maureen Eagan" <Maureen.Eagan@microsoft.com>
Date: July 27, 2012 4:03:07 PM CDT
To: "Maureen Eagan" <Maureen.Eagan@microsoft.com>
Subject: August Security Release Cycle Will Block RSA Keys Under 1024 Bits

On August 14, Microsoft will release an update included in the August Security Bulletin Cycle that will block any RSA Keys Under 1024 Bits in length. This change is required to meet the needs of the evolving threat landscape.

Below is a brief overview of this change:

The strength of a public-key cryptographic algorithm is determined by the time taken to derive the private key using brute force methods. The algorithm is deemed to be strong enough when the time required to derive the private key is long enough to discourage attempts to derive the key. The threat landscape continues to evolve. As such, we are further hardening our criteria for the RSA algorithm with key length less than 1024 bits. To further reduce the risk of unauthorized exposure of sensitive information, Microsoft has created a software update that will be released in August 2012 for the following operating systems: Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This update will block the use of cryptographic keys that are less than 1024 bits.

To prepare for this update:

- Determine whether your organization is currently using keys less than 1024 bits.
- If you do have keys less than 1024 bits, then you should take steps to update your cryptographic settings such that keys under 1024 bits are not in use.

The blog about this change that includes steps to check for and update these keys can be found here: http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx

Additional information about PKI: http://blogs.technet.com/pki

Some issues that may occur after applying this update:

· Error messages when browsing to web sites
· Problems enrolling for certificates
· Creating or consuming email (S/MIME) messages
· Installing ActiveX controls
· Installing applications

Note: You will be able to modify how the update works via registry settings if you are not ready to have these changes applied across your enterprise. At the time of release the Security Team will have another blog post to discuss these settings and a TechNet Wiki article that will describe how to identify and resolve issues with the update.

If there is anything I can do to assist you with this process, please do not hesitate to contact me directly.
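
As an added example for the first preparation step above (not part of the original message and not Microsoft's published procedure), the following read-only PowerShell script lists certificates in the local machine and current user stores whose RSA public key is shorter than 1024 bits. The function name `Get-WeakRsaCertificate` is hypothetical, and the script assumes Windows PowerShell with .NET Framework 4.6 or later for `RSACertificateExtensions`.

```powershell
# Added example: inventory certificates with RSA public keys under 1024 bits.
# Read-only: nothing in any certificate store is modified.
function Get-WeakRsaCertificate {   # hypothetical helper name
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        [int]$MinimumBits = 1024
    )
    $rsaOid = '1.2.840.113549.1.1.1'   # rsaEncryption public-key algorithm OID

    foreach ($root in $StorePath) {
        # -Recurse walks every store under the root (My, Root, CA, ...).
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_
                # Skip non-RSA certificates (ECC, DSA); the change concerns RSA keys.
                if ($cert.PublicKey.Oid.Value -ne $rsaOid) { return }
                try {
                    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                    $bits = $rsa.KeySize
                } catch {
                    Write-Warning "Could not read key size for $($cert.Thumbprint): $_"
                    return
                }
                if ($bits -lt $MinimumBits) {
                    [pscustomobject]@{
                        Store      = $cert.PSParentPath -replace '^.*::', ''
                        Bits       = $bits
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        NotAfter   = $cert.NotAfter
                        Thumbprint = $cert.Thumbprint
                    }
                }
            }
    }
}

# List findings, shortest keys first; an empty result means no RSA keys under
# 1024 bits were found in the stores this account can read.
Get-WeakRsaCertificate | Sort-Object Bits, Store | Format-Table -AutoSize -Wrap
```

Run it in the context of each account whose `CurrentUser` store matters, since that store is per-user.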