{"id":7760,"date":"2018-11-21T00:34:00","date_gmt":"2018-11-20T23:34:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=7760"},"modified":"2024-10-03T00:30:26","modified_gmt":"2024-10-02T22:30:26","slug":"windows-7-from-april-2019-sha-2-support-is-required","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/11\/21\/windows-7-from-april-2019-sha-2-support-is-required\/","title":{"rendered":"Windows 7: From April 2019 ‘SHA-2-Support’ is required"},"content":{"rendered":"

\"win7\"[German<\/a>]Users of Windows 7 SP1 (and its server counterparts) and WSUS will need a special update from April 2019, which will enable the machine to handle SHA2 code signatures. Without this update, these machines can no longer process updates.<\/p>\n

<\/p>\n

Background: Switching to SHA-2<\/h2>\n

\"\"Updates for Windows are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly and unmodified from Microsoft. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.<\/p>\n

SHA-2 required from 2019 onwards (Windows, WSUS)<\/h2>\n

In a 2019 support post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS<\/a> Microsoft has now announced changes in the code signing for Windows updates for 2019. The protection of Windows updates with two hash values (SHA-1 and SHA-2) will expire in 2019. Due to weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft will sign Windows updates only with the more secure SHA-2 algorithm.<\/p>\n

Customers using Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (and WSUS) must have SHA-2 code signing support installed on these systems by April 2019. Windows systems without SHA-2 support will no longer be eligible for Windows updates from April 2019.<\/p>\n

To prepare machines for this change, Microsoft 2019 will release appropriate updates to SHA-2 support. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deploy SHA-2-signed updates.<\/p>\n

Support for SHA-2 will be available in the monthly updates from early 2019. The migration process to exclusive SHA-2 support will be gradual and support will be offered in multiple update packages. Only one update package with SHA-2 support may be installed to activate support. Microsoft is striving for the following schedule to provide SHA-2 support.<\/p>\n