Security Advisory

Microsoft Security Advisory 2661254

Update For Minimum Certificate Key Length

Published: August 14, 2012 | Updated: October 09, 2012

Version: 2.0

General Information

Executive Summary

Microsoft is announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Note This update impacts applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function. These applications and services will no longer trust certificates with RSA keys less than 1024 bits in length. Examples of impacted applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments. Certificates that use cryptographic algorithms other than RSA are not affected by this update. For more information about applications and services impacted by this update, see Microsoft Knowledge Base Article 2661254.

The update is available on the Download Center as well as the Microsoft Update Catalog for all supported releases of Microsoft Windows. In addition, as of October 9, 2012, this update is offered via automatic updating and through the Microsoft Update service.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information.

Known Issues. Microsoft Knowledge Base Article 2661254 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues.

Advisory Details

Issue References

For more information about this issue, see the following references:

References Identification
Microsoft Knowledge Base Article 2661254 

Affected Software and Devices

This advisory discusses the following software.

Operating System
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

 

Frequently Asked Questions

Why was this advisory revised on October 9, 2012?
Microsoft revised this advisory for the following reasons:

  • To rerelease the KB2661254 update for Windows XP to address an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. For more information about this issue, see Microsoft Security Advisory 2749655. Customers who have already successfully installed this update to their Windows XP systems do not need to take any action. Additionally, customers will not be reoffered this update if it is already installed on their systems. The rereleased update only applies to Windows XP systems that have not previously installed this update.
  • To announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating.

Why was this advisory revised on September 11, 2012?
Microsoft revised this advisory to clarify that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments.

For more information about the possible impact to customers and known issues that customers may experience when installing this update, see Microsoft Knowledge Base Article 2661254.

What is the scope of the advisory?
The purpose of this advisory is to notify customers that an update is available for all supported releases of Microsoft Windows that will require certificates to contain RSA keys greater than or equal to 1024 bits in length. Certificates with RSA keys less than 1024 bits in length can be derived in a short amount of time and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This update is fully tested and is of sufficient quality for release. The update was released to the download center to allow customers to assess their environment and provide the opportunity to re-issue necessary certificates prior to broader distribution via Microsoft Update.

How might an attacker use certificates fraudulently?
An attacker could duplicate the certificate and use it to fraudulently spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

How might an attacker duplicate a certificate?
A digital certificate can only be created by the person who possesses the certificate’s private key. An attacker can attempt to guess the private key and use mathematical techniques to determine if a guess is correct. The difficulty of successfully guessing the private key is proportional to the number of bits used in the key. Therefore, the larger the key the longer it takes an attacker to guess the private key. Using modern hardware, keys less than 1024 bits in length can be successfully guessed in a short amount of time. Once the attacker successfully guesses the private key, the attacker can duplicate the certificate and use it fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

What is a man-in-the-middle attack?
A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker’s computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user.

What is a digital certificate?
In public key cryptography, one of the keys, known as the private key, must be kept secret. The other key, known as the public key, is intended to be shared with the world. However, there must be a way for the owner of the key to tell the world who the key belongs to. Digital certificates provide a way to do this. A digital certificate is an electronic credential used to certify the online identities of individuals, organizations, and computers. Digital certificates contain a public key packaged together with information about it - who owns it, what it can be used for, when it expires, and so forth.

How do I prepare for this release?
Please see the Suggested Actions section for a list of actions to perform in preparation for deploying this update.

When will Microsoft release this update to Microsoft Update?
Microsoft plans to release this update via Microsoft Update in October, 2012.

What does the KB2661254 update do?
On all supported releases of Microsoft Windows, the KB2661254 update requires that certificates with RSA keys use 1024 bit key length or greater. Certificates that use cryptographic algorithms other than RSA are not impacted by this update. Microsoft products or third-party products that call into the CertGetCertificateChain function will no longer trust certificates with RSA keys less than 1024 bit key lengths. This function builds a certificate chain context starting from the end certificate going back, if possible, to a trusted root certificate. When the chain is validated, every certificate in the chain is inspected to ensure that it has an RSA key length of at least 1024 bits in length. If any certificate in the chain has an RSA key less than 1024 bits in length, the end certificate will not be trusted.

Additionally, the update can be configured to log when certificates are blocked by the update. For more information regarding enabling this logging feature, please see the Suggested Actions section of this Advisory. For a complete list of scenarios on how this update will block the usage of RSA keys less than 1024 bits in length, please see the Microsoft Knowledge Base Article 2661254.

Does this update apply to Windows 8 Release Preview or Windows Server 2012 Release Candidate?
No. This update does not apply to Windows 8 Release Preview or Windows Server 2012 Release Candidate because these operating systems already include the functionality to require that certificates with RSA keys use 1024 bit key length or greater.

What if I find a certificate with an RSA key less than 1024 bits in length?
Customers that identify any certificates that use RSA key lengths less than 1024 bits in their environments will need to request longer certificates from their certification authority. Customers that manage their own PKI environments will need to create new longer key pairs and issue new certificates from these new keys. Customers should evaluate using a sufficient key length to match their requirements for data encryption which may exceed the minimum required by this update.

What is a certification authority (CA)?
A certification authority (CA) is responsible for attesting to the identity of users, computers, and organizations. The CA authenticates an entity and vouches for that identity by issuing a digitally signed certificate. The CA can also manage, revoke, and renew certificates.

A certification authority can refer to the following:

  • An organization that vouches for the identity of an end user
  • A server that is used by the organization to issue and manage certificates

Suggested Actions

For supported releases of Microsoft Windows

Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install the KB2661254 update manually, Microsoft recommends that customers download the update and assess the impact of requiring that certificates with RSA keys use 1024 bit key length or greater. See Microsoft Knowledge Base Article 2661254 for download links to the update packages or search the Microsoft Update Catalog for the update packages.

Administrators and enterprise installations should assess their environment for the existence of certificates with RSA keys less than 1024 bits in length and re-issue these certificates. For more information about applications and services impacted by this update, see Microsoft Knowledge Base Article 2661254.

Additional Suggested Actions

  • Identify certificates with RSA key lengths less than 1024 bits in length in use in the enterprise

    Please see Microsoft Knowledge Base Article 2661254 for detailed instructions on how to find RSA certificates that are currently in use in the enterprise.

  • Examine Microsoft Knowledge Base Article 2661254 for scenarios when this update will block certificates

    Examine Microsoft Knowledge Base Article 2661254 for a list of scenarios when this update will block certificates with RSA keys less than 1024 bits in length.

  • Enable certificate logging to help identify the usage of RSA keys less than 1024 bits in length

    By default, logging is not enabled. Logging can be enabled to help identify the usage of RSA keys less than 1024 bits in length by setting the logging directory in the registry.

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config] " WeakSignatureLogDir"

    You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, see Core Group Policy Tools and Settings.

    Impact of Workaround: Enabling logging on a production system can cause performance issues and should be used with caution. Special attention should be given to the directory that logging is enabled on to avoid filling up the volume. This directory also needs to be configured to allow all appropriate systems to write to this location. Customers should never allow anonymous users to write to shares within the organization.

  • Protect your PC

    We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates, and installing antivirus software. For more information, see Microsoft Safety & Security Center.

  • Keep Microsoft Software Updated

    Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Other Information

Feedback

Support

  • Customers in the United States and Canada can receive technical support from Security Support. For more information about available support options, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit International Support.
  • Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (August 14, 2012): Advisory published.
  • V1.1 (August 14, 2012): Executive Summary corrected to help clarify that after applying this update, customers need to use certificates with RSA keys greater than or equal to 1024 bits in length.
  • V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments.
  • V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

Built at 2014-04-18T13:49:36Z-07:00