Home / bulletins Microsoft Security Advisory (2862973): Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.2
Posted on 09 October 2013
Revision Note: V1.2 (October 8, 2013): Clarified that this update does not apply to Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. However, for all applicable operating systems, Microsoft reminds customers that administrators of enterprise installations should assess their environments for the existence of certificates with MD5 hashes and re-issue these certificates prior to broader distribution of the update, which Microsoft plans to release in February 2014.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
