Microsoft warns of encryption changes ahead of monthly patch release

Microsoft is planning a relatively light load for its upcoming monthly security patch release.

The company said that the September edition of Patch Tuesday would contain just two bulletins, each of which has been rated by the company as "important".

In total, the bulletins address four vulnerabilities in Visual Studio Team Foundation Server and System Center Configuration Manager.

While the company is not providing details on the vulnerabilities until after the update has been released, patches rated as "important" are considered to be lower priority that "critical" updates and generally do not address serious issues such as easily-targeted remote code execution flaws.

Microsoft also issued a warning to users about an upcoming change to the way Windows handles RSA encryption keys. The company said that in October it will issue an update which will force the use of keys which are at least 1024 bits in length.

"For those who find they are using certificates with RSA key lengths of less than 1024 bits, those certificates will be required to be reissued with at least a 1024-bit key length," Microsoft senior response communications manager Angela Gunn said in a company blog post.

"We recommend that you evaluate your environments with the information provided in Security Advisory 2661254 and your organisation is aware of and prepared to resolve any known issues prior to October."