Windows 7/Server 2008 R2: No more driver updates via Windows Update

Update[German]Systems running Windows 7 SP1 and Windows Server 2008 R2 will no longer receive driver updates via Windows Update as of June 17, 2021. Microsoft has just announced this in a Techcommunity post. The reason is an expired SHA-1 certificate. However, manufacturers can still offer drivers with SHA-2 signature, but this can lead to problems.


As of June 17, 2021, Microsoft has stopped releasing drivers for Windows 7 SP1, Windows Server 2008 and Windows Server 2008 R2 via Windows Update. However, organizations that have opted into the Extended Security Updates (ESU) program can continue to deploy the drivers to your managed devices via Windows Server Update Services (WSUS) and other supported methods.

The reason for this move is that the SHA-1 Trusted Root Certificate Authority for Windows 7 SP1, Windows Server 2008, Windows Server 2008 R2 expired on May 9, 2021 and is no longer used by Microsoft. Microsoft writes that partners using the Microsoft Trusted Root program could release incompatible SHA-2 signed drivers for unpatched Windows Client and Windows Server devices. 

This, in turn, could cause functionality to be compromised or devices to fail to boot. This happens because unpatched systems have code integrity errors when presented with a SHA-2 signed driver. To minimize the potential impact of these incompatibilities, Microsoft will stop releasing SHA-2 signed drivers on Windows Update targeting devices running Windows 7 SP1, Windows Server 2008 and Windows Server 2008 R2 on June 17, 2021.

This information can be found in the Techcommunity post Changes to driver publication for Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008, where more details can also be found. (via)

Cookies helps to fund this blog: Cookie settings


This entry was posted in Software, Update, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *