[ad_1]
Microsoft has announced on its support website that future updates to Windows 7 and Windows Server 2008 will require the installation of SHA-2 code signing support effective July 16, 2019.
SHA-2 code signing support will be added to Windows 7 SP1 and Windows Server 2008 R2 SP1 on March 12 and April 9, respectively, as part of dedicated standalone security updates.
While Windows updates currently use SHA-1 and SHA-2 hashing algorithms for codeigning purposes, migration to SHA-2 is required because the SHA-1 algorithm is affected by a number of weaknesses that make it less secure. years.
According to the Microsoft support article:
To protect your security, Windows OS updates are signed twice using SHA-1 and SHA-2 hashing algorithms to authenticate that updates come from directly from Microsoft and have not been altered upon delivery. Due to the weaknesses of the SHA-1 algorithm and its alignment to market standards, Microsoft will only sign Windows updates using exclusively the SHA-2, more secure algorithm .
Microsoft also advises customers who use Windows Server Update Services (WSUS) 3.0 SP2 to update their servers with SHA2 updates for WSUS 3.0 SP2 until June 18 in order to ensure that they are free. they can provide subsequent updates signed SHA2 in their business environment.
Windows Server Update Services (formerly known as Software Update Services) is a program designed to allow Windows administrators to manage the distribution of updates and patches on workstations in a corporate environment.
The complete calendar of the SHA-2 code signature support migration process is shown in the table below. However, the dates can be modified according to Microsoft:
Target date |
Event |
Apply to |
March 12, 2019 |
Stay alone Updates that introduce support for SHA-2 panels will be released as security updates. |
Windows 7 SP1, Windows Server 2008 R2 SP1. |
March 12, 2019 |
Stay alone the update will be delivered to WSUS 3.0 SP2 which will support the provision of SHA-2 signed updates. For customers using WSUS 3.0 SP2, this update must be installed by June 18, 2019. |
WSUS 3.0 SP2 |
April 9, 2019 |
Stay alone Updates that introduce support for SHA-2 panels will be released as security updates. |
Windows Server 2008 SP2. |
June 18, 2019 | Signatures for Windows 10 updates have changed from the double signature (SHA1 / SHA2) to the SHA2 signature only. No customer action is expected for this milestone. | Windows 10 1709, Windows 10 1803, Windows 10 1809, Windows Server 2019 |
June 18, 2019 | Required fields: For customers using WSUS 3.0 SP2, updates must be installed before this date. | WSUS 3.0 SP2 |
July 16, 2019 |
Required fields: Updates to older versions of Windows will require the installation of SHA-2 code signing support. Support published in March and April will be required to continue receiving updates from these versions of Windows. |
Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2. |
July 16, 2019 | Signatures for Windows 10 updates have changed from the double signature (SHA1 / SHA2) to the SHA2 signature only. No customer action is expected for this milestone. | Windows 10 1507, Windows 10 1607, Windows 10 1703 |
August 13, 2019 | The update content of older versions of Windows will be signed SHA2 (will incorporate signed binaries and catalogs). No customer action is expected for this milestone. | Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2. |
September 16, 2019 | The signatures of the legacy Windows updates have changed from the double signature (SHA1 / SHA2) to the SHA2 signature only. No customer action is expected for this milestone. | Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 |
[ad_2]
Source link