Secure Hash Algorithm 1 (SHA-1) has become less secure for Windows 7 code signing. So, Microsoft advises users to promptly upgrade to SHA 2 for the code signing of Windows updates.
In an official document, Microsoft reports that
Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019.
Windows updates are dual signed in the latest versions of Windows. However, Windows 7 only uses SHA 1. So, it is compulsory for Windows 7 devices to upgrade to SHA 2 by July.
If you don’t install SHA 2, you won’t get any updates
Microsoft has already announced to wrap the Windows 7 from the market in June 2020. However, if users do not upgrade to SHA -2, they would be deprived of the updates for their OS six months earlier than it would be officially ceased by the Redmond tech company.
Both the SHA-1 and SHA- 2 are the code signing algorithms for the Windows updates. These algorithms ensure that updates installed in OS come directly from Microsoft and are not tempered. But now, the company says that SHA 1 has security issues due to which it can’t be further trusted for the code-signing.
According to the officials, the new architecture features increased processor performance and cloud computing support. So, a stronger alternative SHA 2 is suggested to users to not suffer the same issues.
The company will provide a patch to users to upgrade to SHA 2 on 12 March.
Any devices without SHA-2 support will not be offered Windows updates after July 2019.
Furthermore, it is reported that the company will also release support for SHA-2 signing in 2019. The migration process to SHA-2 support will occur in stages, and support will be delivered in standalone updates. Microsoft also shares the schedule to offer SHA-2 support.
RELATED GUIDES YOU NEED TO CHECK OUT: