News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Windows 7’s Windows Update will no longer work out-of-the-box

    Posted on abbodi86 Comment on the AskWoody Lounge

    Home Forums AskWoody support Windows Windows 7 Win7 beyond End-of-life Windows 7’s Windows Update will no longer work out-of-the-box

    Viewing 5 reply threads
    • Author
      Posts
      • #2286800 Reply
        abbodi86
        AskWoody_MVP

        Starting August 2020, unupdated Windows 7 / Server 2008 systems will require to manually install SHA-2 support updates before able to use Windows Update

        Windows Update on Vista and XP will stop working too

        Windows Update SHA-1 based endpoints discontinued for older Windows devices

        5 users thanked author for this post.
      • #2286802 Reply
        PKCano
        Da Boss

        If you have KB4474419 installed, you already have the SHA-2 code signing installed on Win7.
        If you are doing a clean install, you will need to install KB4474419 manually before using Windows Update.

        5 users thanked author for this post.
      • #2286804 Reply
        Microfix
        AskWoody MVP

        That seems terminal for XP and Vista by the wording.
        Playing devils advocate: what if another eternalblue type exploit appears..catalog wont work with XP nor Vista if it hasn’t been SHA2 updated.
        Sounds a bit desparate to me, by hook or by crook to get folk onto W10.

        A couple of separate external Win7 EoS fully updated images held in reserve here 😉

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        • #2286837 Reply
          abbodi86
          AskWoody_MVP

          Actually, KB4474419 can be installed fine on Vista and it add the SHA2 support
          but the updated WU client contained within it excluded from installation, therefore you won’t have working WU

          but you can install updates manually though

          2 users thanked author for this post.
      • #2286810 Reply
        Alex5723
        AskWoody Plus

        will require to manually install SHA-2 support updates

        So why won’t Microsoft install SHA-2 via WU ?

        • #2286813 Reply
          Microfix
          AskWoody MVP

          the patches need verification in order to download and install in the target OS. It’s a security measure for both MS and the recipient. MS can’t change WU on installation DVD’s!

          Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
          • #2286819 Reply
            Alex5723
            AskWoody Plus

            @Microfix.

            Sorry, don’t understand your reply.
            Downloading and installing manually doesn’t pose security hazards ? How does that protect Microsoft or the client ?
            I thought that using WU is the secure way.

            • #2286822 Reply
              PKCano
              Da Boss

              You can’t use WU without SHA-2 coding enabled.
              Older install media does not have SHA-2 coding.
              You can’t update using WU to download SHA-2 coding b/c you can’t access WU without ShA-2 coding enabled.
              So the only way is to download it and install manually.

            • #2286825 Reply
              anonymous
              Guest

              Yes it poses a security risk but they’ll stop their whole SHA-1 based infrastructure so if you’d like to connect to get their update safely then you have to download the software that makes safe connections possible to their remaining infrastructure – at your own risk.

              Interesting that the advisory says this goes in effect “in late July 2020” but it was still working for me a few days ago (update Win7 from convenience rollup to 2020 January level through WU).

        • #2286815 Reply
          anonymous
          Guest

          Because

          Windows Update is discontinuing its SHA-1 based endpoints

          therefore you have to install manually SHA-2 to be able to connect to WU endpoints.

          1 user thanked author for this post.
      • #2286835 Reply
        anonymous
        Guest

        They just don’t care.

        You download the update binary and compare its hash to the one published in the advisory and you’re safe.

      • #2286847 Reply
        Cybertooth
        AskWoody Plus

        As of this writing, my Vista system is still connecting to the Windows Update server:

        Vista-updates-still-available

        Attachments:
    Viewing 5 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Windows 7’s Windows Update will no longer work out-of-the-box

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.