All Windows 7 users hopefully know that Microsoft will cease support for the operating system in January 2020, but what they might not realize is that extended support could dry up in July 2019 if they fail to install some critical patches next month.
The patches arriving in March mark a security upgrade for Windows 7, and mean that Windows updates will only use the SHA-2 hash algorithm to sign and authenticate patches (i.e. to make sure they’ve come directly from Microsoft, and haven’t been tampered with).
Currently, OS updates are dual-signed using both SHA-1 and SHA-2 algorithms, but as Microsoft notes: “Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.”
The March updates lay the groundwork for this, but the actual move to SHA-2 won’t happen until July. When that month rolls around, though, if you haven’t got SHA-2 support in place, then you won’t get any further Windows updates.
As Microsoft observes, customers running Windows 7 SP1 – or Windows Server 2008 R2 SP1/SP2 – will need to patch in SHA-2 code signing before the July 16 deadline.
In short, then, you need to make sure you don’t miss the various standalone security updates that will deploy next month and usher in SHA-2 code sign support – currently, Microsoft is estimating a target date of March 12 for their release on Windows 7.
What about Windows 10 users? Fortunately, they don’t have to worry about anything, as Microsoft notes that also on July 16: “Windows 10 updates signatures [will be] changed from dual signed (SHA-1/SHA-2) to SHA-2 only. No customer action is expected for this milestone.”
Everything should happen automatically, then, and there’s no chance of you being able to miss out on the algorithm upgrade, and therefore subsequent updates.
Meanwhile, if the cessation of support for Windows 7 is weighing heavily on your mind, we’ve got a full guide on how to prepare for Windows 7 end of life. Remember, even with the SHA-2 patch in place, you’ve got less than 11 months of support left.
Via PC World