All Windows 7 users hopefully know that microsoft will cease support for the operating system in January 2020, but what they might not realize is that extended support could dry up in July 2019 if they fail to install some critical patches next month.
The patches arriving in March mark a security upgrade for windows 7, and mean that Windows updates will only use the SHA-2 hash algorithm to sign and authenticate patches (i.e. to make sure they’ve come directly from Microsoft, and haven’t been tampered with).
Currently, OS updates are dual-signed using both SHA-1 and SHA-2 algorithms, but as Microsoft notes: “Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.”
The March updates lay the groundwork for this, but the actual move to SHA-2 won’t happen until July. When that month rolls around, though, if you haven’t got SHA-2 support in place, then you won’t get any further Windows updates.
As Microsoft observes, customers running Windows 7 SP1 – or Windows Server 2008 R2 SP1/SP2 – will need to patch in SHA-2 code signing before the July 16 deadline.
In short, then, you need to make sure you don’t miss the various standalone security updates that will deploy next month and usher in SHA-2 code sign support – currently, Microsoft is estimating a target date of March 12 for their release on Windows 7.
Windows 10 users do not need to worry about this update as a future update will change this feature. If you need help to make sure this update works and happens on your windows 7 machine please feel free to call us. Also now is a great time before next year to have your system updated to windows 10 before support for 7 ends.