Microsoft has taken steps to enhance the safety of Windows by officially announcing the completion of support for RSA keys less than 2048 bits in the upcoming updates of the operating system. This move is aimed at improving the security of TLS servers, by blocking outdated or potentially harmful websites and applications.
In recent times, the company has been proactive in informing users about important TLS updates (Transport Layer Security) to make Windows a more secure OS. For instance, in September last year, Microsoft announced the discontinuation of TLS 1.0 and 1.1 support in Windows and Azure Storage Accounts, underscoring the importance of these changes for user safety.
In its latest safety update, Microsoft has explained that support for certificates with RSA keys less than 2048 bits will be ceased. This decision aligns with modern security standards and recommendations from regulatory authorities, which stress the use of RSA keys with a minimum length of 2048 bits. By making this transition, Microsoft aims to significantly enhance the level of protection compared to 1024-bit keys, thereby ensuring greater cryptographic reliability.
Although TLS certificates issued by corporate or test certification centers will remain unaffected by this change, Microsoft encourages transitioning to 2048-bit keys as a best practice for safety. Additionally, apart from updates related to TLS and RSA, Microsoft intends to bolster Windows security through other means, such as improving the Secure Boot keys inherited from Windows 8 and possibly introducing security chips like Pluton, similar to TPM. Furthermore, Microsoft plans to enhance the Windows core in the future by incorporating improvements for increased memory safety using the programming language Rust.