![]() WSUS ServerĪny servers running WSUS services will require a separate update to enable support for SHA-2 within WSUS itself. ![]() Any servers without the KBs will stop receiving updates on the deadline. Windows updates released after the noted deadline will only be signed with SHA-2 and will require the relevant KBs to be installed on the clients. *The second KB number for Server 2008 SP2 hasn't been published as the update isn't yet available. To enable support for SHA-2, the following updates must be installed prior to the given deadline: OS These updates will need to be installed prior to July or August 2019, depending on the specific OS version. While Server 2012 and newer already support SHA-2 natively, older OSes require updates to support it. ![]() To discontinue the use of SHA-1, Microsoft will begin only signing updates with SHA-2 after July 2019. For example, SHA-1 SSL certificates were phased out a couple of years ago. However, SHA-1 is generally considered insecure and is being phased out both from Windows Update signing as well as across the entire industry. This is an important security feature that ensures you can trust the update packages that run on your systems. Today, Windows Update packages are signed with both the SHA-1 and SHA-2 algorithms to verify that they are from Microsoft and haven't been tampered with during transit. This change will require updates to allow Windows 7, Server 2008, and Server 2008 R2 to continue receiving updates after July 2019. Another upcoming security change to Windows is the transition to SHA-2 code signing certificates for Windows Update.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |