SHA-1 Windows content to be retired August 3, 2020
Published Jul 28 2020 05:00 PM

To support evolving industry security standards, and continue to keep you protected and productive, Microsoft will retire content that is Windows-signed for Secure Hash Algorithm 1 (SHA-1) from the Microsoft Download Center on August 3, 2020. This is the next step in our continued efforts to adopt Secure Hash Algorithm 2 (SHA-2), which better meets modern security requirements and offers added protections from common attack vectors.

 

SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

 

Microsoft no longer uses SHA-1 to authenticate Windows operating system updates due to security concerns associated with the algorithm, and has provided the appropriate updates to move customers to SHA-2 as previously announced. Accordingly, beginning in August 2019, devices without SHA-2 support have not received Windows updates. If you are still reliant upon SHA-1, we recommend that you move to a currently supported version of Windows and to stronger alternatives, such as SHA-2.

17 Comments
Iron Contributor

Hi. Let's see if I've got this article right: Downloadable contents are going to disappear from the Microsoft website, if their digital certificate is using a SHA-1 digest. Am I right?

Steel Contributor

I see that a number of Office 2010 / 2013 (and even 2016) MSI updates are removed from Download Center

those are the global exe installers without any alternative, and most of those updates are dual signed (sha1/sha256) anyway

 

bad decision

Copper Contributor

Can we assume all XP and 2003 updates are gone then? How long were Windows 7 and 2008/2008 R2 updates dual signed? Can we get a breakdown by products, maybe with dates or years to know what will be removed?

Steel Contributor

@Sean Andrews Windows 7 updates have been dual signed since late April 2012

and most of the same update files exist in Microsoft Update Catalog (its links don't usually stop working even if the update entry is removed/expired from catalog)

unlike Office updates global exe installers, they only exist in Download Center

Copper Contributor

@Namrata_Bachwani 

Does it impact all the .NET downloads available in the Download Center?

What does retirement mean? They will no longer be available?

Bronze Contributor

Thank you for sharing.

I hope this process will be smooth and reliable so users won't see much difference, and we have to be careful of messages like "certificate is invalid".

That's good news

Copper Contributor

Could you guys please do us all a favor and offer all historic updates to archive.org? There are a lot of users out there who still like to use older Windows versions for fun on older computers, it would be a shame to behave like Sony & Co. who just deleted all old drivers from their driver pages.

Copper Contributor

I'd second @mruniqat. Would be great to have some alternate 'archive' kind of location for legacy customers of ours.

Copper Contributor

We are distributing a Windows program with dual code signing (SHA-1 and SHA-2).

Should we change the dual signed program to SHA-2 signed?

 

 

Copper Contributor

Updating is already a good thing, isn't it? When moving on to new things, whichever one is better and newer is worth studying, and there's no harm in learning about it.

So how about you re-sign the wushowhide tool that we have to rely on to hide or block certain updates and drivers?

Copper Contributor

Something that might not have been considered, is that in a manufacturing environment in some cases we are forced to continue using older operating systems like Windows XP. Reason being is because that is the only operating system meeting the tool software system requirements... and the manufacturer is out of business or no longer supports that tool line so we are stuck with it. Last week, it was necessary to perform a Windows XP service pack 3 install on a tool computer. The install went well initially but when it reached near the end with a message "Performing cleanup" it did not finish. I've read that actually the program is trying to install updates in the background when it displays performing cleanup. Now that the service pack cannot check for updates, I believe that it will hang indefinitely for everyone... wasting their time as they are diligently waiting for the install to properly finish. After an hour of waiting I finally just rebooted the PC and luckily the service pack installation appeared to have successfully completed.

Maybe Windows XP SP3 is the only case, but I think Microsoft should modify the highest level service packs for each pre-Windows 7 OS to not check for updates during service pack install if updates are no longer available.   

Copper Contributor

I use Office 2007. Does this mean that I won't be able to receive windows updates for Office 2007 any more?

 

I don't want to lose the SP3 Service Pack 3 update for Office 2007, junk mail filter update and the help updates.

Brass Contributor

Looks like I'm impacted but I believe Microsoft isn't telling us everything. Should you need to reinstall Windows 7, you will run into issues. See this link for more. 

Copper Contributor

Very good points of view here. I have a Sony Vaio and can't seem to get some of the updates no matter how hard I try. No wonder. Plus they are out of business or no longer exist. Thanks a lot

Version history
Last update: Jul 28 2020 05:01 PM