Microsoft just lately introduced that these operating legacy platforms should set up sure updates to supply assist for SHA-2 hash values. Home windows 7 and different legacy platforms use SHA-1 to check hash values of the code. When an replace is downloaded from Microsoft, it is available in elements which can be recompiled collectively on the pc.
If all of the items match the anticipated SHA-1 hash values, then the replace is accepted for set up. If the SHA-1 hash values aren’t correct, then these elements of the replace are flagged to be redownloaded and compiled once more. It’s a patching course of that has stood the take a look at of time and ensures that patches can’t be tampered with.
Till now.
The SHA-1 hash course of has been discovered to be insecure and in a position to be spoofed. It’s time to now be certain that all updating mechanisms can deal with SHA-2. If you’re operating Home windows Software program Replace Providers (WSUS) as put in on Home windows Server 2016 or Home windows 2019, these platforms at present assist each SHA-1 and SHA-2 code signing. As famous in KB4472027, Microsoft will part within the SHA-2 assist first by flipping to twin code signing as of August 13, 2019 after which on September 16, it’ll mandate that you need to have these patches in place.
Right here is the timeline and actions it’s good to tackle legacy methods.
