SOURCE: Venafi


October 04, 2012 08:00 ET

Venafi Warns That Failure to Identify and Replace Weak Encryption Keys Could Lead to Data Breaches and Critical Application Outages on Windows Systems

Microsoft Bulletin Highlights Risks Inherent in Weak Keys and Immediate Need to Harden Internal Defenses; Free Software Provided by Venafi Allows Enterprises to Find and Replace Weak Keys

SALT LAKE CITY, UT--(Marketwire - Oct 4, 2012) - Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, is advising all organizations that rely on Microsoft Windows operating systems to take immediate action to find and replace every digital certificate whose RSA key is shorter than 1024 bits. In the wake of the Flame malware attacks, Microsoft has advised its customers to take this step to harden security against known weaknesses and attack vectors and to prevent business and operational disruptions.

According to Microsoft security advisories and its Security Response Center blog, Microsoft will ship the change through Windows Update on October 9, making that the deadline for replacing all certificates with RSA keys shorter than 1024 bits. Once the update is installed, Windows treats such certificates as invalid, so any system that still depends on one will break: reports cite symptoms ranging from Internet Explorer refusing connections to sites whose certificate chain includes a weak key, to Outlook 2010 and other legacy systems being unable to encrypt or digitally sign email. Certificates that are not replaced also remain exposed to the attacks the update is meant to shut out.

Microsoft is delivering the change as a software update and has encouraged administrators to accept and deploy it. The update does not, however, find or replace weak keys and certificates deployed outside the Microsoft CAPI environment: it only changes what CAPI will accept. Enterprises that want to address the risk across their networks will need tooling beyond Microsoft's update to identify, revoke and replace these keys and certificates. Note also that the effect is not limited to the certificate stores; any application that relies on CAPI for certificate validation is affected, wherever the certificate is stored.

  • Who: Microsoft is advising all customers to harden defenses against attacks on weak encryption keys
  • What: Revoke and replace all RSA keys shorter than 1024 bits with keys of a stronger length (2048 bits is the current NIST minimum)
  • Why: Sub-1024-bit RSA keys can be factored with modest resources (a 512-bit RSA modulus was factored publicly in 1999 and a 768-bit one in 2009), so an attacker can recover the private key and forge signatures or impersonate the key holder
  • When: October 9, 2012
  • Next Steps: Enterprises should act immediately to find and replace all weak encryption keys
  • How: Venafi provides a free risk assessment capability that automates and simplifies key and certificate discovery, reporting the number of keys and certificates deployed, their key lengths, certificate expiration dates, issuing CAs and more, at:
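As an added example (this is not Venafi's assessment tool and not Microsoft's update), the following PowerShell script performs the discovery step on a single Windows host: it walks every certificate store under CurrentUser and LocalMachine, which is what CryptoAPI will enforce the rule against, and also parses loose certificate files in directories you name, which sit outside CAPI and are not touched by the update. The parameter names -MinBits and -FilePath, the file extensions searched and the directories in the usage line are assumptions chosen for this example.

```powershell
# Added example: report certificates whose RSA public key is shorter than $MinBits,
# both in the Windows certificate stores and in certificate files outside CAPI.
# Not Venafi's tool or Microsoft's update; -MinBits and -FilePath are names chosen here.

function Get-RsaKeySize {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # rsaEncryption OID; ECDSA/DSA certificates are outside the 1024-bit rule
    if ($Cert.PublicKey.Oid.Value -ne '1.2.840.113549.1.1.1') { return $null }
    try {
        # .NET 4.6+ and PowerShell 7: returns an RSA object, or $null for non-RSA keys
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
        if ($rsa) { return $rsa.KeySize }
    } catch { }
    # Older Windows PowerShell: PublicKey.Key is an RSACryptoServiceProvider
    return $Cert.PublicKey.Key.KeySize
}

function Get-WeakRsaCertificate {
    [CmdletBinding()]
    param(
        [int]$MinBits = 1024,
        [string[]]$FilePath = @()
    )

    $found = @()

    # 1. Every certificate in every store, including CA and Root: CAPI applies the
    #    rule to each certificate in a chain, not only to the leaf.
    foreach ($cert in Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue) {
        if ($cert -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) { continue }
        $found += [pscustomobject]@{ Location = $cert.PSPath; Cert = $cert }
    }

    # 2. Certificate files outside the stores (web server roots, application config, ...)
    foreach ($root in $FilePath) {
        $files = Get-ChildItem -Path $root -Recurse -File -Include *.cer, *.crt, *.der, *.pem -ErrorAction SilentlyContinue
        foreach ($file in $files) {
            try {
                # The constructor accepts DER and PEM-encoded certificates
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file.FullName)
                $found += [pscustomobject]@{ Location = $file.FullName; Cert = $cert }
            } catch {
                Write-Warning "Skipping $($file.FullName): $($_.Exception.Message)"
            }
        }
    }

    # Emit one record per weak certificate; non-RSA certificates return $null and are skipped
    foreach ($entry in $found) {
        $bits = Get-RsaKeySize -Cert $entry.Cert
        if ($null -ne $bits -and $bits -lt $MinBits) {
            [pscustomobject]@{
                KeyBits    = $bits
                Subject    = $entry.Cert.Subject
                Issuer     = $entry.Cert.Issuer
                NotAfter   = $entry.Cert.NotAfter
                Thumbprint = $entry.Cert.Thumbprint
                Location   = $entry.Location
            }
        }
    }
}

# Usage (assumed paths): scan the stores plus two directories and keep the report as CSV
# to drive the revoke-and-replace work.
Get-WeakRsaCertificate -MinBits 1024 -FilePath 'C:\inetpub', 'C:\ProgramData' |
    Sort-Object KeyBits |
    Export-Csv -NoTypeInformation -Path .\weak-rsa-certs.csv
```

The script is per host; to cover a fleet, wrap the call in Invoke-Command against a list of computers and merge the CSVs. Raising -MinBits to 2048 lists the 1024-bit keys as well, which the update still accepts but which NIST has already deprecated, so the same run can feed a longer-term replacement plan.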

In January 2011, NIST deprecated the use of RSA keys shorter than 2048 bits for digital signatures (SP 800-131A), so even 1024-bit keys, which Microsoft's update still accepts, are on their way out. Despite this guidance, Venafi's own research shows that 56 percent of organizations do not use recommended key lengths and that 20 percent do not know what encryption keys they have in use. To learn more about the security risks of weak key lengths and how to reduce them through best practices, download the Venafi 2011 Security Best Practices Assessment:

About Venafi
Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys -- from the datacenter to the cloud and beyond -- built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit