Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft is giving IT administrators a break next week, with the software giant only planning to release two patches to remedy four vulnerabilities.
Each of the bulletins, to be distributed Tuesday afternoon EST, is rated "important," meaning they do not meet Microsoft's highest-severity designation of "critical," and address issues in Visual Studio Team Foundation Server and System Center Configuration Manager.
The big news out of next week's automatic update is that it will include new requirements that users must employ certificates carrying an RSA key length of at least 1,204 bits. Customers actually are encouraged to run certs with much higher key lengths, even beyond 2,048 bits.
This is an additional safeguard that the software giant is releasing as a result of the Flame virus, which spread by spoofing Microsoft certificates.
"Though many have already moved away from such certificates, customers will want to take advantage of September's quiet bulletin cycle to review their asset inventories -- in particular, examining those systems and applications that have been tucked away to collect dust and cobwebs because they 'still work' and have not had any cause for review for some time," wrote Angela Gunn of Microsoft Trustworthy Computing in a Thursday blog post.
She acknowledged that customers should be prepared for a number of known kinks, including error messages or other difficulties, when applying the key length update.
Andrew Storms, director of security operations for vulnerability management vendor nCircle, said administrators must take this update seriously.
"This means older, legacy systems that rely on weak encryption or keys that are too short will stop working," he said in prepared email comments sent to SCMagazine.com. "Fix ‘em now, or be seriously sorry when they stop working in October.”
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.