Notebookcheck Logo

Devices that run legacy Windows versions and support SHA-1 will be blocked from updating in 2019

Win7 SP1 is old, but some people still like it. (Source: YouTube)
Win7 SP1 is old, but some people still like it. (Source: YouTube)
Microsoft has announced that only Secure Hash Algorithm 2 (SHA-2) code-signing will be used to update legacy versions of Windows (namely Windows Server 2008 SP2, Windows Server 2008 R2 SP1 and Windows 7 SP1). Machines that only support SHA-1 will be considered too vulnerable, and will be prevented from updating by next April.

Secure Hash Algorithm (SHA) was developed as an irreversible hashing modality to sign downloads such as updates. Now, however, Microsoft asserts that SHA-1 is not secure enough, especially for today's world of cloud-based computing and super-fast processors. Therefore, only SHA-2 is now approved for code-signing for some legacy versions of Windows

As a result, machines that run copies of Windows Server 2008 SP2, Windows Server 2008 R2 SP1 or Windows 7 SP1 that support SHA-1 will find that they will no longer be able to update by April 2019. However, Microsoft intends to provide the support necessary for these devices to upgrade to SHA-2 by then. The company claims that it is taking this action in order to "align to industry standards" as well as to ensure secure update signing. SHA-2 support will be pushed through Standalone and Monthly Preview updates.

This move will also affect some users of the Windows Server Update Services (WSUS). However, they will also be provided with official support for the upgrade to SHA-2. This phasing out of SHA-1 may be a reasonable ramification of increasingly fast-moving software and hardware evolution, but may cause some adversity for those who still prefer older versions of Windows.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2018 11 > Devices that run legacy Windows versions and support SHA-1 will be blocked from updating in 2019
Deirdre O Donnell, 2018-11-23 (Update: 2018-11-23)