-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-251A Microsoft Update For Minimum Certificate Key Length Original release date: September 07, 2012 Last revised: -- Systems Affected * Windows XP Service Pack 3 * Windows XP Professional x64 Edition Service Pack 2 * Windows Server 2003 Service Pack 2 * Windows Server 2003 x64 Edition Service Pack 2 * Windows Server 2003 with SP2 for Itanium-based Systems * Windows Vista Service Pack 2 * Windows Vista x64 Edition Service Pack 2 * Windows Server 2008 for 32-bit Systems Service Pack 2 * Windows Server 2008 for x64-based Systems Service Pack 2 * Windows Server 2008 for Itanium-based Systems Service Pack 2 * Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 * Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 * Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 * Windows Server 2008 R2 for Itanium-based Systems * Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 * Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) * Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) * Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Overview Microsoft has announced the availability of an update to Windows that restricts the use of certificates with RSA keys that are less than 1024 bits in length. Microsoft is planning to release this update through Microsoft Update in October 2012. System administrators of Microsoft Windows platforms should assess the impact of this update on their environment before any wide-scale deployment. Description Microsoft's KB2661254 article states in part: "The strength of public-key-based cryptographic algorithms is determined by the time that it takes to derive the private key by using brute-force methods. The algorithm is considered to be strong enough when the time that it takes to derive private key is prohibitive enough by using the computing power at disposal. The threat landscape continues to evolve. Therefore, Microsoft is further hardening the criteria for the RSA algorithm with key lengths that are less than 1024 bits long. After the update is applied, only certificate chains that are built by using the CertGetCertificateChain function are affected. The CryptoAPI builds a certificate trust chain and validates that chain by using time validity, certificate revocation, and certificate policies (such as intended purposes). The update implements an additional check to make sure that no certificate in the chain has an RSA key length of less than 1024 bits." Impact The private keys used in certificates with RSA keys that are less than 1024 bits in length can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Solution US-CERT recommends that system administrators of Microsoft Windows platforms read Microsoft's KB2661254 article and perform an extensive test of the update before doing any wide-scale deployment in their environment. The update will be sent to Microsoft Update for the October 2012 patch cycle. System administrators can obtain the update now from Microsoft's Download Center. References * Microsoft Security Advisory: Update for minimum certificate key length <http://support.microsoft.com/kb/2661254> * Microsoft Security Advisory (2661254) Update For Minimum Certificate Key Length <http://technet.microsoft.com/en-us/security/advisory/2661254> * Windows PKI Blog: RSA keys under 1024 bits are blocked <http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx> * Windows PKI Blog: Blocking RSA Keys less than 1024 bits (part 2) <http://blogs.technet.com/b/pki/archive/2012/07/13/blocking-rsa-keys-less-than-1024-bits-part-2.aspx> * Microsoft Download Center: Search results for KB2661254 <http://www.microsoft.com/en-us/download/search.aspx?q=kb2661254> Revision History September 07, 2012: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA12-251A Feedback VU#221532" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-251A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUEoR6HdnhE8Qi3ZhAQKMoggAn6DlhiX9DOd7ek2Q0WyqN8ZuRUjdclPy 5vPw+TUDzNSVdUrXGTxM1w/gVcNw7s58qpwv1dnJ/a7APgMV3NBZIfOJLjpepi1n ArQfhxQ31H00PqYzpNwLbVcsazDqys4xLSsEHgRhqpdAkacX9I8saRy6X3FERuhR KQiBNhr+0LuKGxLdMEbCDlfncF+RVWxjHkw08QczZPIHEDog8OM06OXQxLOwqbgy sqJU2mKkOfDTNzVktLFDstoXtZNqcL8vQnVatQpzR/1X9dcsfgUdEwTGkLLzlB/T xjuKTaMADbbWyKEycc9QV9eqF+LxPi3oMZcSZPehIIWe9VoVB9OgvA== =9JKA -----END PGP SIGNATURE-----