1 Reply Latest reply on Aug 7, 2012 5:00 PM by Tanner Lindsay

    Microsoft Security Release to block crypto key less than 1024-bit - August 14th


      My security team has informed me that the communication between the LDMS 9 SP2 server and the LDMS agent uses a certificate that has a 512-bit key. On August 14th Microsoft will release a patch that will block web sites, certificates, emails, ActiveX controls, and applications that use less than 1023-bit encryption. Will this affect my ability to use Landesk if a client applies this patch? By inspection it seems that it would, but I wanted to get some extra eyes on it to verify.


      From MS Support


      On August 14, Microsoft will release an update included in the August Security Bulletin Cycle that will block any RSA keys under 1024 bits in length. This change is required to meet the needs of the evolving threat landscape.


      This update will be classified as a Critical, Non-Security update.  This means that when the update releases, it will be available on WSUS for deployment when you choose, and does not need to be linked to your standard security bulletin / update release process.


      Below is a brief overview of this change:

      The strength of a public-key cryptographic algorithm is determined by the time taken to derive the private key using brute-force methods. The algorithm is deemed strong enough when the time required to derive the private key is long enough to discourage attempts to derive the key. The threat landscape continues to evolve. As such, we are further hardening our criteria for the RSA algorithm with key lengths less than 1024 bits. To further reduce the risk of unauthorized exposure of sensitive information, Microsoft has created a software update that will be released in August 2012 for the following operating systems: Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This update will block the use of cryptographic keys that are less than 1024 bits.


      To prepare for this update:

      - Determine whether your organization is currently using keys less than 1024 bits.

      - If you do have keys less than 1024 bits, then you should take steps to update your cryptographic settings such that keys under 1024 bits are not in use. The blog about this change, which includes steps to check for and update these keys, can be found here: http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx

      Additional information about PKI: http://blogs.technet.com/pki


      Some issues that may occur after applying this update:

      • Error messages when browsing to web sites
      • Problems enrolling for certificates
      • Creating or consuming email (S/MIME) messages
      • Installing ActiveX controls
      • Installing applications
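A worked check for the first preparation step quoted above, "determine whether your organization is currently using keys less than 1024 bits". This is an added example written for this page; it is not code from the original post, from LANDESK or from Microsoft. The 1024-bit threshold comes from the quoted bulletin text; the host name ldms-core.example.internal, the port 443, and the assumption that the server presents its certificate over an ordinary TLS handshake on that port are mine, since the post does not say which port the LDMS agent uses. The first function inventories RSA certificates in the local certificate stores (including the CA and Root stores, since a weak key anywhere in the chain is what the update rejects); the second connects to a server and reports the key size of the certificate it presents, so an administrator can check the core server before clients receive the update.

```powershell
# Added example, not LANDESK's or Microsoft's code. Targets Windows PowerShell 2.0+
# on the .NET Framework, where X509Certificate2.PublicKey.Key exposes KeySize.

function Find-WeakRsaCertificate {
    <#
      Lists RSA certificates whose public key is shorter than $MinimumBits in the
      machine and user stores. 1024 is the threshold the August 2012 update enforces.
    #>
    param(
        [int]$MinimumBits = 1024,
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    Get-ChildItem -Path $StorePath -Recurse |
        # Skip store containers; only look at RSA keys, since .Key can fail on other key types.
        Where-Object { -not $_.PSIsContainer -and $_.PublicKey.Oid.FriendlyName -eq 'RSA' } |
        ForEach-Object {
            $bits = $_.PublicKey.Key.KeySize
            if ($bits -lt $MinimumBits) {
                # New-Object PSObject is used instead of [pscustomobject] for PowerShell 2.0 compatibility.
                New-Object PSObject -Property @{
                    Store      = ($_.PSParentPath -replace '^.*::', '')
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    KeyBits    = $bits
                    NotAfter   = $_.NotAfter
                    Thumbprint = $_.Thumbprint
                }
            }
        }
}

function Get-RemoteCertificateKeyBits {
    <#
      Opens a TLS session to $ComputerName:$Port and reports the RSA key size of the
      certificate the server presents. Assumes the server speaks TLS on that port.
    #>
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 443,
        [int]$MinimumBits = 1024
    )
    $client = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
    try {
        # Accept any certificate here on purpose: the goal is to inspect the key, not to
        # trust it, so a self-signed or weak certificate must still reach our code.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $bits = $cert.PublicKey.Key.KeySize
        New-Object PSObject -Property @{
            ComputerName     = $ComputerName
            Port             = $Port
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            KeyBits          = $bits
            BelowMinimum     = ($bits -lt $MinimumBits)
        }
    }
    finally {
        $client.Close()
    }
}

# Usage (host name assumed; replace with the LDMS core server and the port the agent uses):
Find-WeakRsaCertificate | Format-Table Store, Subject, KeyBits, NotAfter, Thumbprint -AutoSize
Get-RemoteCertificateKeyBits -ComputerName 'ldms-core.example.internal' -Port 443
```

Run the first function on a representative client and on the core server; any row it prints is a certificate the update will stop honouring. The second function answers the question in the post directly: if it reports BelowMinimum as True for the core server, clients that install the update will reject that certificate and the certificate (and the key behind it) needs to be reissued at 1024 bits or more before the update is deployed.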