• Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March

    Remember the dire warning, back last November, that you had to install a forthcoming Win7 security patch in order to continue to receive security patches?

    I had an article in Computerworld about it:

    Microsoft is changing its method for electronically signing patches from an old approach known as SHA-1 to the much more secure SHA-2. If you want to continue to get Win7, Server 2008 and WSUS security patches, you need to install a patch in February or March that makes Windows SHA-2-conversant.

    I hadn’t heard anything more about the transition until @abbodi86 posted an update a few minutes ago. Ends up that Microsoft will push the patch in March, according to a new bulletin posted just a few hours ago:

    Starting in early 2019, the migration process to SHA-2 support will occur in stages, and support will be delivered in standalone updates. Microsoft is targeting the following schedule to offer SHA-2 support.

    March 12, 2019

    Stand Alone updates that introduce SHA-2 code sign support will be released as security updates.

    Windows 7 SP1,
    Windows Server 2008 R2 SP1

    July 16, 2019

    Required: Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March and April will be required in order to continue to receive updates on these versions of Windows.

    I’m sure you Win7 fans will love the fact that “legacy Windows” now includes Win7, Server 2008, and Server 2008 R2, but nevermind….

    Nothing wrong with being a legacy, eh?