WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


Microsoft update could disable some legacy systems

Legacy systems could grind to a halt as Windows starts rejecting RSA keys shorter than 1024 bits.

In the wake of Flame, the malware attackers used to spy on networks in Iran earlier this year, Microsoft has tightened its minimum key length: Windows will now treat RSA keys shorter than 1024 bits as invalid and will only accept certificates whose keys are 1024 bits or longer. The change was released on 15 August 2012 and will start to bite from 21 August as organisations roll out the latest Microsoft patches.

What will this mean for your organisation? Quite simply, any older, legacy system that still depends on a certificate with an RSA key shorter than 1024 bits will stop working once the update is installed: Windows will no longer accept the weak certificate, so TLS connections, code-signature checks and other operations that rely on it will fail.

Calum Macleod, IT security expert at Venafi, the enterprise key and certificate management company, says: “This could spell disaster for many companies as their IT departments or their customers try to access legacy Microsoft applications or systems that rely on keys weaker than 1024 bits. Your systems could just come to a grinding halt.”

The Windows update affects Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2. Macleod suggests that, to avoid system failures, you should assess which operating systems are currently running applications that rely on certificates with weaker keys, and replace those certificates with ones whose keys are 1024 bits or stronger. Since NIST treats 1024-bit signing keys as deprecated only until the end of 2013, any certificate being reissued now should use a 2048-bit key so that it does not have to be replaced a second time.
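The assessment step above is a certificate inventory. The following PowerShell script is an added example written for this page; it is not code from the article, from Microsoft or from Venafi. It walks every local Windows certificate store, reads the RSA modulus length of each certificate and classifies it against the two thresholds the article discusses: keys below 1024 bits, which the update blocks, and 1024-bit keys, which NIST SP 800-131A disallows for signing after 31 December 2013. The output path, the status labels and the 2048-bit "advised" threshold are assumptions chosen for the example.

```powershell
# Added example, not code from the Continuity Central article or from Venafi.
# Inventories the local Windows certificate stores and classifies RSA keys:
#   < 1024 bits : rejected by Windows once the August 2012 key-length update is installed
#   1024 bits   : still accepted, but disallowed for signature generation by
#                 NIST SP 800-131A after 31 December 2013
# Run in an elevated Windows PowerShell session on each machine to be patched
# (Windows XP / Server 2003 need PowerShell 2.0 installed first).
# $reportPath, the thresholds and the status labels are assumptions for this example.

$blockedBelow = 1024
$advisedBelow = 2048
$reportPath   = "$env:TEMP\weak-key-certs.csv"

$findings = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $cert    = $_
        $keySize = $null

        # For RSA certificates PublicKey.Key is an RSACryptoServiceProvider and
        # KeySize is the modulus length in bits. Non-RSA keys are reported but not graded.
        if ($cert.PublicKey.Oid.FriendlyName -eq 'RSA') {
            try   { $keySize = $cert.PublicKey.Key.KeySize }
            catch { $keySize = $null }
        }

        if ($keySize -eq $null)             { $status = 'NOT-RSA' }
        elseif ($keySize -lt $blockedBelow) { $status = 'BLOCKED' }
        elseif ($keySize -lt $advisedBelow) { $status = 'REPLACE-BY-2013' }
        else                                { $status = 'OK' }

        New-Object PSObject -Property @{
            # PSParentPath looks like "...Certificate::LocalMachine\My"; keep the store part only
            Store      = ($cert.PSParentPath -replace '^.*::', '')
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            KeySize    = $keySize
            Status     = $status
        }
    }

# Full inventory to CSV for the change record; problem rows to the screen.
$findings | Export-Csv -Path $reportPath -NoTypeInformation

$findings |
    Where-Object { $_.Status -eq 'BLOCKED' -or $_.Status -eq 'REPLACE-BY-2013' } |
    Sort-Object KeySize |
    Format-Table Status, KeySize, Store, Subject, NotAfter -AutoSize

$blockedCount = @($findings | Where-Object { $_.Status -eq 'BLOCKED' }).Count
$replaceCount = @($findings | Where-Object { $_.Status -eq 'REPLACE-BY-2013' }).Count
Write-Host "Blocked (<$blockedBelow-bit RSA): $blockedCount; replace before 2014 (1024-bit RSA): $replaceCount; report: $reportPath"
```

The BLOCKED rows are the certificates that will stop working after the update; the REPLACE-BY-2013 rows are the ones to reissue at 2048 bits before the NIST date. Two caveats: the script only sees keys held in Windows certificate stores, so certificates embedded in application configuration, Java keystores or network appliances need a separate check (for example a scan of your TLS endpoints), and a certificate with a strong key can still fail if a weak key sits higher in its chain, so check issuers as well as end-entity certificates. Microsoft's advisory for the update documents a registry override that lowers the minimum key length; treat that as a temporary bridge for an emergency, not as a fix.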

There are tools for finding and automatically replacing at-risk certificates that use short keys or weak algorithms. Among them is Venafi Assessor, a risk assessment tool from Venafi, which contributed to the latest National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) bulletin on certificate authority compromise and fraudulent certificates.

NIST's own deadline is 31 December 2013: after that date 1024-bit RSA and DSA keys are disallowed for generating digital signatures and 2048 bits becomes the minimum. Its 2011 special publication SP 800-131A, 'Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths', warns: "...since such keys are more and more likely to be broken as the 2013 date approaches, the data owner must understand and accept the risk of continuing to use these keys to generate digital signatures."

• Date: 23rd August 2012 • World • Type: Article • Topic: ICT continuity
