<div class="ipsQuote_contents">
<p style="border:0px;color:#111111;font-size:15px;padding:0px;vertical-align:baseline;">
Microsoft<span> plans </span>to release an update early next year for the company's Windows 7 and Windows Server 2008 operating systems that add support for SHA-2 update handling to them.
</p>
<p style="border:0px;color:#111111;font-size:15px;padding:0px;vertical-align:baseline;">
Updates are delivered using SHA-1 and SHA-2 currently. SHA-1 is a hashing algorithm with known weaknesses and Microsoft plans to do away with SHA-1 support in April 2019 to use SHA-2, an improved hashing algorithm, exclusively going forward.
</p>
</div>
Quote
<div class="ipsQuote_contents">
<p>
<span style="color:#111111;font-size:15px;">While that is no problem for Windows 8.1, Windows 10, or the server equivalents, it is one for devices running Windows 7 or Windows Server 2008. The reason is simple: SHA-2 is not supported by these operating systems when it comes to updates.</span>
</p>
</div>
So basically if you don't install this update when it is offered you won't get anymore updates
- I am glad that it will be included in one of the next Rollup Updates. No need to worry too much. Just be good boy/girl and install all the upcoming Rollup updates.
- Upgrading Win7 and Server 2008 to SHA-2 will also reduce the complexity of the update procedure for Microsoft. Why didn't they do it much earlier ?
Just a reminder to watch for this critical update either in this month's patches or next month's. .
Quote
<div class="ipsQuote_contents">
<p>
<span style="background-color:#ffffff;color:#000000;font-size:15px;">Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by April 2019. Any devices without SHA-2 support will not be offered Windows updates after April 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates. Refer to the Product Updates section for the migration timeline.</span>
</p>
</div>