Microsoft to remove SHA-1 Windows content from the Microsoft Download Center

[Karlston]

Microsoft to remove SHA-1 Windows content from the Microsoft Download Center

 

SHA-1 is a cryptographic hash that is no longer secure. If SHA-1 hashing algorithm is used in digital certificates, an attacker can perform phishing attacks or man-in-the-middle attacks. To keep its users protected, Microsoft yesterday announced that it will retire content that is Windows-signed for SHA-1 from the Microsoft Download Center on August 3, 2020. Microsoft recommends customers to move to SHA-2 algorithm for secure connections.

Beginning in August 2019, devices without SHA-2 support have not received Windows updates. If you are still reliant upon SHA-1, we recommend that you move to a currently supported version of Windows and to stronger alternatives, such as SHA-2.

Customers with legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) should have SHA-2 code signing support installed on their devices to receive updates from Microsoft. You can learn more about it here.

 

Source: Microsoft

 

 

Microsoft to remove SHA-1 Windows content from the Microsoft Download Center

 

[banned]

We've never been hacked, nor would've ever been hacked, by a Microsoft download signed with SHA-1. Killing a mirror over nothing...