This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

Microsoft Is So Behind The Times On Cybersecurity.

Posted on 21st March 2024

If anyone needs proof that Microsoft doesn't take their customers' security seriously, this report on Bleeping Computer is it.

For those who don't know, RSA security certificates are used to secure connections for services like HTTPS (secure web-site access), FTP (the usual method to upload files to remote web-servers), SSH (secure shell connections) and RDP (remote desktop connection). The longer the key, the more secure it is (although there is a data processing overhead with longer keys). 2048 bit keys have been common for a very long time, and have been the recommended minimum since 2013 (the Bleeping Computer report states that 1024 bit keys were disallowed by Internet standards and regulatory bodies in 2013). 2048 bit keys have been recommended since 2002. I have, on occasion, even generated 4096 bit RSA-based SSL certificates for web-sites.

Microsoft, however, is only now deprecating 1024 bit keys. Note that "deprecating" means that they are not encouraging the use of 1024 bit keys, rather than disabling them; you will get a warning, but will be allowed to create a connection to a system that uses one.

One of the systems that I have has a Windows 7 operating system (on a virtual machine). Windows 7 uses 1024 bit keys. Microsoft ended support for Windows 7 in January 2020, but in the 7 years since 1024 bit keys were disallowed (and the 12 years since 2048 bit keys have been recommended) no updates to introduce 2048 bit keys were issued by Microsoft.

Many popular tools (FileZilla, the most popular FTP client, all browsers and SSH) have required a minimum key length of 2048 bits since the end of 2013. I use Remmina (standard in Ubuntu and many other Linux variants) for my RDP sessions and it will not connect to a server unless its key has at least 2048 bits; there is no option to ignore this, and no way to relax the security settings. Windows, however, allows you to connect an RDP session to a remote system that has only a 1024 bit key (you will at least get a warning).

To spell it out clearly, your Microsoft systems are inherently insecure and prone to hacking, and the company doesn't care. Even if they did care, experience has shown that they are not good at system security, or indeed at issuing updates that work.

I know that many people still operate Windows 7 (the last Windows version that doesn't force system updates without the user's approval; there are several other legitimate reasons to use such an old operating system). If you are one of these, but would like to upgrade your RDP security, it is possible (complicated, but possible). Here is what you can do:

  1. Use openssl to generate a standard self-signed 2048 bit certificate (generates two files). There are thousands of sites on the web to show you how to do this. Here is one.
  2. Package the two files into a pkcs12 file (see this guide).
  3. When logged in on your Windows 7 system as a system administrator, carefully follow this guide to add the certificate. This method should also work on more recent versions of Windows.
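
Steps 1 and 2 above as shell functions, added here as an example and not taken from the linked guides. The function names and output file names are hypothetical, and the choice of 3DES/SHA-1 PKCS#12 protection is an assumption about what the Windows 7 importer accepts (OpenSSL 3 defaults to AES-based protection, which older Windows releases generally cannot read).

```shell
#!/bin/sh
# Added example (not from the original post): steps 1 and 2 of the procedure.
# Hypothetical names: make_rdp_pfx, cert_key_bits, rdp-key.pem, rdp-cert.pem, rdp.pfx.

# make_rdp_pfx OUTDIR HOSTNAME
# The PKCS#12 export password is read from the exported environment variable
# PFX_PASS, so it never appears on a command line or in the process list.
make_rdp_pfx() (
    outdir=$1
    cn=$2
    [ -n "$PFX_PASS" ] || { echo "export PFX_PASS first" >&2; exit 1; }
    umask 077    # keep the private key unreadable for other local users

    # Step 1: 2048 bit RSA key plus self-signed certificate (two files).
    # extendedKeyUsage=serverAuth marks it as a server certificate.
    # -addext needs OpenSSL 1.1.1 or later.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=$cn" -addext "extendedKeyUsage=serverAuth" \
        -keyout "$outdir/rdp-key.pem" -out "$outdir/rdp-cert.pem" &&

    # Step 2: package key and certificate into one PKCS#12 file.
    # Assumption: the Windows 7 importer only understands the older
    # 3DES/SHA-1 protection, so it is requested explicitly here.
    openssl pkcs12 -export -name "$cn" \
        -inkey "$outdir/rdp-key.pem" -in "$outdir/rdp-cert.pem" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -passout env:PFX_PASS -out "$outdir/rdp.pfx"
)

# cert_key_bits CERTFILE
# Prints the public key size in bits, to confirm the result before import.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
```

After copying `rdp.pfx` to the Windows machine, delete `rdp-key.pem` from the system where it was generated, since it holds the unencrypted private key.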