In an advisory posted August 16 Microsoft Security Advisory (2661254) , Microsoft warns that systems using RSA certificates less than 1024 will no longer be supported. While this is almost a month old, the Official Microsoft TechNet Blog on September 6 is re-iterating the issue and alert for businesses to update the keys being used in advance of the October Windows Update push.
The blog states the following:
“As many of you are aware, Security Advisory 2661254 was initially made available in August via the Download Center and the Microsoft Update Catalog, with distribution through Windows Update planned for October 2012. To help ensure that all customers are prepared for the update, we are reiterating those announcements before releasing the requirement change with our monthly bulletins on Oct. 9. Though many have already moved away from such certificates, customers will want to take advantage of September’s quiet bulletin cycle to review their asset inventories – in particular, examining those systems and applications that have been tucked away to collect dust and cobwebs because they “still work” and have not had any cause for review for some time.”
Microsoft is trying to sway those that do not patch or that are slow to patch that their systems may soon break as a result of this change. What is important to note, is that this will also impact end users as well. Which means that business could get calls from customers unable to access websites that have not updated their certificates.