To protect your security, Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly from Microsoft and were not tampered with during delivery. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.As a reminder, Windows 7 hits the end of its lifecycle on January 14, 2020. Beyond that date, no further security updates will be provided for this aging operating system. Users are recommended to switch to a more modern operating system, like Windows 10.
Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates. Refer to the Product Updates section for the migration timeline.
Windows 7 users will need SHA-2 code-signing to get further updates
Posted on Tuesday, February 19 2019 @ 10:34 CET by Thomas De Maesschalck