14 DAY TRIAL // While the clock is ticking for Windows 7, Microsoft is getting ready for another major change over security updates shipped to devices running the operating system.
Announced in late 2018, the switch from SHA-1 to SHA-2 will finally take place next month, and Microsoft says that Windows 7 PCs will be provided with a dedicated patch in this regard on March 12.
The most important tidbit is that customers who do not install the SHA-2 patch will no longer be provided with security updates after July 2019. Support for Windows 7 will come to an end in January 2020, so devices without this patch would technically be left without security updates some half a year earlier.
“To protect your security, Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly from Microsoft and were not tampered with during delivery. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively,” Microsoft explains in a technical support document.
Next deadline: July 2019
As AskWoody notes, the original announcement was published in November, and the target for the SHA-2 patch was February or March.
Microsoft explains that beginning with July 16, 2019, it will run a check on Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 to determine whether the March update is installed.
“Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March and April will be required in order to continue to receive updates on these versions of Windows,” it says.
Windows 7 is currently the second most-used Windows version on the market and it is projected to exit extended support on January 14, 2020.