Microsoft also released a couple of security advisories today. Remote Desktop ProtocolSA 2861855 notifies of improvements in the RDP protocol to force users to authenticate themselves before they can get a logon screen. (Network Level Authentication (NLA)) Microsoft root certificates MD5 deprecationSA 2862973 and the updated SA 2854544 describe efforts to phase out the use of the old MD5 hash algorithm in Microsoft root certificates.
It amazes me how they still use such an ancient hash algorithm as MD5. I've been involved -now years ago- in a mandatory migration of SHA-1 to SHA-256 for use in (high end) certificates. The migration was mandatory from regulatory and legal perspective - ETSI TS 101 456. I've had to write justifications on why we needed a few more months of use of SHA-1 than the deadline that was imposed on us and detail the risk mitigation we had in place in order to justify that.
-- |
Swa 760 Posts Aug 13th 2013 |
Thread locked Subscribe |
Aug 13th 2013 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!