Posted on Tuesday, February 19 2019 @ 10:34 CET by Thomas De Maesschalck
Microsoft
issued a warning that users of Windows 7 and Windows Server 2008 may need to take action to ensure they continue to receive security updates. Users need to have SHA-2 code-signing installed by July 16, 2019, as Microsoft is dropping SHA-1 support because this algorithm is no longer considered secure.
To protect your security, Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly from Microsoft and were not tampered with during delivery. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.
Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates. Refer to the Product Updates section for the migration timeline.
As a reminder, Windows 7 hits the end of its lifecycle on January 14, 2020. Beyond that date, no further security updates will be provided for this aging operating system. Users are recommended to switch to a more modern operating system, like Windows 10.
