From Angela Gunn @ the Microsoft Security Response Center:
As we prepare for September's two security updates, we'd like to remind you about an important change to Windows' certificate requirements included in Security Advisory 2661254 (Update For Minimum Certificate Key Length). In June, we began communicating this change, which will help improve security across the Windows platform by increasing the requirement for certificates used in Public Key Infrastructure (PKI) to an RSA key length minimum of 1024 bits. By raising the bar of our certificate requirements, as part of our ongoing work to evaluate Microsoft's security efforts and make improvements, we aim to help create a safer, more trusted Internet for everyone.
As many of you are aware, Security Advisory 2661254 was initially made available in August via the Download Center and the Microsoft Update Catalog, with distribution through Windows Update planned for October 2012. To help ensure that all customers are prepared for the update, we are reiterating those announcements before releasing the requirement change with our monthly bulletins on Oct. 9. Though many have already moved away from such certificates, customers will want to take advantage of September's quiet bulletin cycle to review their asset inventories - in particular, examining those systems and applications that have been tucked away to collect dust and cobwebs because they "still work" and have not had any cause for review for some time.
For those who find they are using certificates with RSA key lengths of less than 1024 bits, those certificates will be required to be reissued with at least a 1024-bit key length. (1024 should, by the way, be considered a minimum length; the most up-to-date security practices recommend 2048 bits or even better.) We recommend that you evaluate your environments with the information provided in Security Advisory 2661254 and that your organization is aware of and prepared to resolve any known issues prior to October.
Some known issues that customers may encounter after applying this update may include:
• Error messages when browsing to web sites that have SSL certificates with keys that are less than 1024 bits
• Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
• Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
• Difficulties installing ActiveX controls that were signed with less than 1024 bit signatures
• Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to Jan. 1, 2010, which will not be blocked by default)
Continued: http://blogs.technet.com/b/msrc/archive/2012/09/06/september-ans-and-an-important-heads-up-concerning-certificates.aspx
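
For the inventory review the post recommends, the following PowerShell script lists certificates in the local Windows certificate stores whose RSA public key is shorter than a minimum size. It is an added example, not part of the MSRC post or the advisory; the parameter names `MinimumBits` and `StorePath` and the output columns are assumptions chosen for this illustration.

```powershell
# Added example: inventory certificates whose RSA public key is below a minimum size.
# MinimumBits defaults to 1024, the floor described in the post above.
param(
    [int]$MinimumBits = 1024,
    [string]$StorePath = 'Cert:\'   # assumption: scan every store visible to this account
)

$rsaOid = '1.2.840.113549.1.1.1'    # OID for rsaEncryption; non-RSA keys are skipped

$weak = Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Where-Object { $_.PublicKey.Oid.Value -eq $rsaOid } |
    ForEach-Object {
        $cert = $_
        try {
            $bits = $cert.PublicKey.Key.KeySize
        } catch {
            # Key could not be decoded; report the certificate for manual review
            $bits = $null
        }
        if ($null -eq $bits -or $bits -lt $MinimumBits) {
            [pscustomobject]@{
                Store      = $cert.PSParentPath -replace '^.*::', ''
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
                KeyBits    = $bits
                NotAfter   = $cert.NotAfter
                Expired    = $cert.NotAfter -lt (Get-Date)
            }
        }
    }

$weak | Sort-Object Store, KeyBits | Format-Table -AutoSize
"{0} certificate(s) with an RSA key under {1} bits (or an unreadable key)" -f @($weak).Count, $MinimumBits
```

Running it with `-MinimumBits 2048` reports everything below the length the post recommends rather than the enforced minimum. It only sees the stores of the account and machine it runs on, so certificates held inside applications or on other hosts need a separate check.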