Security Advisory - Update For Minimum Certificate Key Length

As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) - Update For Minimum Certificate Key Length to make you aware of the fact that we will invalidate all certificates with RSA keys less than 1024bit. The update is already available on the download center but not yet on Microsoft Update or WSUS.

The reason why we chose to go for an advisory "only" is to give you enough time to test and investigate. Please ensure that there are no certificates (e.g. machine authentication certs) with keys less than 1024 bits. If there are, replace them immediately. Otherwise authentication might fail from October onwards.

I got asked how big the problem is: Honestly, I do not know but what I know is that we have customers who found issues – so go ahead and investigate!

Roger