Microsoft Patches Eliminate Legacy System Support

Venafi : 22 August, 2012  (Technical Article)
Software supplier reacts to the Flame threat by raising the minimum cryptographic key length beyond the capabilities of legacy systems

In the wake of Flame, the malware attackers used to spy on networks in Iran earlier this year, Microsoft has decided to raise its minimum cryptographic key strength and will support only systems using keys of at least 1024 bits. This change, which was applied on 15 August 2012, will materially impact organisations from today as they roll out the latest Microsoft patches.

What will this mean to your organisation? Quite simply, your older, legacy systems that rely on weak or too-short encryption keys won’t work. Calum Macleod, IT security expert at Venafi, the enterprise key and certificate management company, says: “This could spell disaster for many companies as their IT departments or their customers try to access legacy Microsoft applications or systems that rely on keys weaker than 1024 bits. Your systems could just come to a grinding halt.”

The Windows update affects Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems. Macleod suggests that to avoid system failures, you should assess which operating systems are currently running applications that rely on certificates with weaker keys, and replace these certificates with ones that rely on 1024-bit or stronger keys.
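
The assessment step described above can be started from the Windows certificate stores themselves. The following is an added example, not code from the article, Venafi or Microsoft: it lists every certificate in the local stores whose RSA or DSA public key is shorter than 1024 bits. It assumes PowerShell 3.0 or later, and the output file name is hypothetical.

```powershell
# Added example: inventory certificates in the local Windows certificate
# stores whose RSA or DSA public key is shorter than the 1024-bit minimum.
$MinimumBits = 1024   # threshold stated in the article

$findings = foreach ($cert in Get-ChildItem -Path Cert:\ -Recurse) {
    # Store locations and store folders are returned too; keep certificates only.
    if ($cert -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) { continue }

    try {
        # PublicKey.Key is populated for RSA and DSA keys; other key types throw.
        $key = $cert.PublicKey.Key
    } catch {
        continue   # e.g. ECC keys, whose sizes are not comparable to this threshold
    }
    if ($null -eq $key) { continue }

    if ($key.KeySize -lt $MinimumBits) {
        [pscustomobject]@{
            Store      = $cert.PSParentPath -replace '^.*::', ''
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            KeyAlg     = $cert.PublicKey.Oid.FriendlyName
            KeyBits    = $key.KeySize
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Shortest keys first, so the certificates most urgently needing replacement lead the list.
$findings | Sort-Object KeyBits, NotAfter | Format-Table -AutoSize

# Keep a record for the replacement work (file name is an assumption).
$findings | Export-Csv -Path .\short-key-certificates.csv -NoTypeInformation
```

This covers only certificates held in the Windows stores of the machine it runs on; certificates kept in files or in application-specific keystores need a separate check.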

There are solutions for finding and automatically replacing at-risk certificates that use short keys or weak encryption algorithms. Among them is Venafi Assessor, a risk assessment capability made by Venafi, which contributed to the latest National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) bulletin on certificate authority compromise and fraudulent certificates.

NIST currently recommends a Dec. 31, 2013 deadline for replacing 1024-bit RSA and DSA keys with stronger ones. According to "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths," a 2011 special publication, "...since such keys are more and more likely to be broken as the 2013 date approaches, the data owner must understand and accept the risk of continuing to use these keys to generate digital signatures."

   © 2012 ProSecurityZone.com