Devices that run legacy Windows versions and support SHA-1 will be blocked from updating in 2019
Secure Hash Algorithm (SHA) was developed as an irreversible hashing modality to sign downloads such as updates. Now, however, Microsoft asserts that SHA-1 is not secure enough, especially for today's world of cloud-based computing and super-fast processors. Therefore, only SHA-2 is now approved for code-signing for some legacy versions of Windows.
As a result, machines that run copies of Windows Server 2008 SP2, Windows Server 2008 R2 SP1 or Windows 7 SP1 that support SHA-1 will find that they will no longer be able to update by April 2019. However, Microsoft intends to provide the support necessary for these devices to upgrade to SHA-2 by then. The company claims that it is taking this action in order to "align to industry standards" as well as to ensure secure update signing. SHA-2 support will be pushed through Standalone and Monthly Preview updates.
This move will also affect some users of the Windows Server Update Services (WSUS). However, they will also be provided with official support for the upgrade to SHA-2. This phasing out of SHA-1 may be a reasonable ramification of increasingly fast-moving software and hardware evolution, but may cause some adversity for those who still prefer older versions of Windows.