Get ready: Microsoft is raising the bar for encryption keys
Kandek says that a Microsoft Certificate Review project was triggered when Microsoft discovered that the Flame malware was signed by a legitimate Microsoft certificate. Kandek says, “RSA key lengths of under 1024 bits have been broken in the past and are considered to be forgeable.”
To strengthen certificate security and prevent such occurrences in the future, Microsoft will consider any certificate signed with a key less than 1024 bits to be invalid. Andrew Storms, director of security operations for nCircle, explains, “This mean older, legacy systems that rely on weak encryption or keys that are too short will stop working. Fix ‘em now, or be seriously sorry when they stop working in October.”
http://support.microsoft.com/kb/2661254 (XP) ? try and see
The RSA certificate for AdatumRootCA in this example is 2048 bits.
Use CAPI2 logging
On computers that are running Windows Vista or Windows Server 2008 or later versions of Windows, you can use CAPI2 logging to help identify keys that have a length of less than 1024 bits. You can then allow the computers to perform their usual operations and later check the log to help identify keys that have a length of less than 1024 bits. Then, you can then use that information to track down the sources of the certificates and make the necessary updates.
To do this, you must first enable verbose diagnostic logging. To enable verbose mode logging, follow these steps:
For all supported x86-based versions of Windows XP