Windows 7 is equipped with SHA-2 Support, which supports future updates

An update released by Microsoft yesterday 12/3 has integrated SHA-2 signing support for Windows 7 SP1 and Windows Server 2008 R2 SP1. If users do not install this update, their Windows operating system will no longer be able to receive new updates starting July 16, 2019.

Currently all Windows updates are signed with both SHA-1 and SHA-2 code signing certificates. However, Microsoft has stated that starting July 16, 2019, Windows updates will only be signed with the SHA-2 algorithm. The cause of this decision is thought to be because security researchers have noted the emergence of many vulnerabilities in the SHA-1 algorithm making it less secure.

Windows 7 is equipped with SHA-2 Support, which supports future updates Picture 1

1. Microsoft tested Android screen mirroring feature on Windows 10 PC

"For the security of the user's system, previous Windows operating system updates are usually signed with both SHA-1 and SHA-2 hash algorithms, to verify that the updates sent directly from Microsoft and not spoofed during distribution, however, due to the emergence of many weaknesses in the SHA-1 algorithm, and at the same time to better meet industry standards, Microsoft decided to just sign Windows updates with a safer SHA-2 algorithm. "

In addition, Microsoft also announced that it will soon release an update introducing SHA-2 code signing support feature for both Windows 7 SP1 and Windows Server 2008 R2 SP1 because currently both platforms are not Support this feature.

1. Windows 10 automatically deletes updates that cause problems

Microsoft plans to release updates KB4490628 and KB4474419 to add SHA-2 support for both Windows 7 SP1 and Windows Server 2008 R2 SP1 as part of the March 2019 Patch Tuesday updates. These updates will be installed automatically and users should not block them because doing so will cause their Windows Update to no longer work in the future:

"Customers using older versions of the operating system (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to install support for signing SHA-2 code on their device in July. 2019. Note that any device not equipped with SHA-2 support will not be provided with new Windows updates after July 2019. To help you prepare for this change, We will complete the release of the SHA-2 signing support feature in 2019. Windows Server Update Services (WSUS) 3.0 SP2 will soon receive SHA-2 support to ensure the correct delivery of the updates sign SHA-2 '.

Windows 7 is equipped with SHA-2 Support, which supports future updates Picture 2

1. Microsoft released Windows 10 Insider Preview Build 18353, focusing on Sandbox improvements

Thus, Microsoft also released KB4484071 for users of WSUS 3.0 SP2 to support the provision of signed SHA-2 updates.

For users who decide not to install this update, Microsoft will redistribute them as security updates on April 9, 2019.