Microsoft to remove all Windows downloads signed with SHA-1 next week

Microsoft announced this week that on August 3rd, 2020 it is removing all Windows downloads from the Microsoft Download Center that are cryptographically signed with SHA-1 certificates. The SHA-1 algorithm was widely used both to code-sign executables and in the TLS/SSL certificates of web domains, in each case to prove the publisher's identity.

In 2015, security analysts released a report describing how SHA-1 is exposed to collision attacks, which would allow attackers to create counterfeit digital certificates that impersonate a company or website. Such certificates could then be used in phishing campaigns, to spoof companies, or in man-in-the-middle attacks that intercept encrypted network sessions. Because of these weaknesses in SHA-1 certificates, Microsoft and other vendors have been moving away from SHA-1 and now require SHA-2 for installing Windows updates.

Microsoft stated in a new support bulletin issued yesterday that it is retiring all Windows content signed with the Secure Hash Algorithm 1 (SHA-1) from the Microsoft Download Center in order to improve security.

“To support developing industry security standards, and continue to keep you protected and productive, Microsoft will leave content that is Windows-signed for Secure Hash Algorithm 1 (SHA-1) from the Microsoft Download Center on August 3, 2020. This is the next step in our constant efforts to approve Secure Hash Algorithm 2 (SHA-2), which better meets modern security requirements and offers added protections from common attack vectors.”

“SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow a criminal to spoof content, execute phishing attacks, or perform man-in-the-middle attacks.” “Microsoft no longer uses SHA-1 to verify Windows operating system updates due to security concerns related to the algorithm, and has provided the suitable updates to move customers to SHA-2 as earlier announced. Accordingly, beginning in August 2019, devices without SHA-2 support have not received Windows updates.”

Even though Microsoft now signs its official content only with SHA-2, executables signed with SHA-1 can still run on Windows. If you still routinely use older SHA-1-signed files from the Microsoft Download Center, download them before Microsoft removes them on August 3.
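One way to inventory the files you have already downloaded and see which ones carry a SHA-1 signing certificate, as an added example that is not Microsoft's code (the folder path is an assumed placeholder):

```powershell
# Added example (not from Microsoft): walk a folder of downloaded installers
# and report the Authenticode signer and the algorithm used on its certificate.
$Root = 'C:\Downloads\MicrosoftTools'   # assumption: where the downloaded files live

Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.msi, *.cab, *.ps1 |
  ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate

    # SignatureAlgorithm is how the CA signed the certificate itself,
    # e.g. sha1RSA or sha256RSA; unsigned files have no certificate.
    $alg = if ($cert) { $cert.SignatureAlgorithm.FriendlyName } else { 'n/a' }

    [pscustomobject]@{
      File       = $_.FullName
      Status     = $sig.Status           # Valid, NotSigned, HashMismatch, NotTrusted, ...
      Signer     = if ($cert) { $cert.Subject } else { 'n/a' }
      CertSigAlg = $alg
      NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
      Sha1Cert   = ($alg -like 'sha1*')  # flag files worth re-downloading or replacing
    }
  } |
  Sort-Object Sha1Cert -Descending |
  Format-Table -AutoSize
```

Get-AuthenticodeSignature reports only the primary signature, so a file that is dual-signed with SHA-1 and SHA-2 shows just the first one; `signtool verify /v /all` lists every signature on the file.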