Windows 7 and Windows Server 2008 R2 Receive SHA-2 Security Update

Microsoft plans to distribute a security update for Windows 7 and Windows Server 2008 R2 as well as WSUS 3.0 SP2 for the upcoming patchday, which integrates SHA-2 support in the Windows Update Client. Already in November last year, the software company announced that due to the known weaknesses in the SHA-1 signing, it would in future only sign its updates with SHA-2 algorithms. Newer operating systems, such as Windows 10 or Windows Server 2012 or 2016, already support SHA-2 signed packages; the update client of Windows 7 and Windows Server 2008 R2, on the other hand, does not. Without this patch, older operating systems will no longer be able to receive new updates from the summer.

The update will be available both as a stand-alone security update and as part of the monthly rollup update package, as of March 12, 2019. From July 16, 2019, only new updates which are SHA-2 signed will be distributed by Microsoft. It is not to be expected, however, that the new installation of the older operating systems will no longer be possible on this date.

As long as Microsoft does not withdraw the updates released before July 2019 and signed SHA-1/SHA-2 and replace them with packages with exclusive SHA-2 signatures, new Windows installations can be updated. Once the SHA-2 preparation update has been installed, Windows 7 and its server counterparts will accept updates from the July 2019 release date.

Source: Microsoft