Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

Heads up: A ‘critical’ Win7/Server 2008 patch coming in February/March that’s really critical

Karlston

By Karlston
in Software News

Recommended Posts

Karlston

Karlston

Posted
Posted

Microsoft is changing its method for electronically signing patches from an old approach known as SHA-1 to the much more secure SHA-2. If you want to continue to get Win7, Server 2008 and WSUS security patches, you need to install a patch in February or March that makes Windows SHA-2-conversant. If it gets the patch right.

patch on top of Windows logo
Thinkstock/Microsoft

There’s an important move afoot, if you’re using Windows 7 or Server 2008, or an older version of Windows Server Update Services. Starting in April, Windows updates will all be sent out with SHA-2 encryption, usurping the old SHA-1. Before the cutoff, you need to get SHA-2 running. Other versions of Windows already speak SHA-2, but if you have Win7 or Server 2008, and you want to keep getting security patches, you need to install an SHA-2 Babel fish patch coming in February or March.

 

Microsoft’s official announcement says:

Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by April 2019. Any devices without SHA-2 support will not be offered Windows updates after April 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019.

The timeline says that this coming February’s Monthly Rollup preview will have the SHA-2 code, as will a standalone patch. (No indication about whether that patch will be installed automatically.) Then, in March, the usual Monthly Rollup and Security-only patches will both include the new SHA-2 conversant code.

 

Then, in April, all new patches will require SHA-2.

 

Microsoft tends to use the “critical” label for about a quarter of all of its monthly patches, and “critical” patches are rarely a make-or-break-right-now proposition for the typical Windows customer. This time, in March, this critical patch really will be critical.

 

Let’s hope they get it right the first time.

Thx, @abbodi86

 

Join us in wild anticipation on the AskWoody Lounge.

 

Source: Heads up: A ‘critical’ Win7/Server 2008 patch coming in February/March that’s really critical (Computerworld - Woody Leonhard)

Link to comment
Share on other sites
  • Views 647
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...