It was established, all the way back in 2005 by cybersecurity experts that SHA-1 encryption is no longer effective as a deterrent against hackers. What makes SHA-1 flimsy as an encryption standard is the potential for collision attacks and other efficient methods of cracking the encryption. As a result, many technology giants have begun moving their products to other forms of encryption (such as SHA-2 or SHA-3). Microsoft legacy OS like Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 all currently utilize SHA-1. It is this that the company is trying to change.

In a security memo released by Microsoft, the company detailed its plan to completely eliminate SHA-1 from the aforementioned legacy OS. The goal is to have SHA-1 no longer in use by this summer and to force users to upgrade. All updates will cease for legacy OS if they are still running SHA-1.

Microsoft describes their plan as follows:

Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates.

(by July 16, 2019): Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March and April will be required in order to continue to receive updates on these versions of Windows.

(by September 16, 2019): Legacy Windows updates signatures changed from dual signed (SHA-1/SHA-2) to SHA-2 only. No customer action is expected for this milestone.

It is surprising that it took Microsoft this long to implement this plan. As stated at the beginning of this article, SHA-1 was determined to be ineffective over a decade ago. Nevertheless, this push for stronger OS encryption is a positive step for better protection of users and their data.

Featured image: Pixabay

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Review: Identity verification solution Specops Secure Service Desk

Specops Secure Service Desk is an innovative solution for positively identifying a user who calls…

13 hours ago

Apple Silicon: What it means for the world of personal computing

Apple is moving away from Intel processors to use its own Apple Silicon processors to…

16 hours ago

RAID 0 vs. RAID 1: When to use each level and why

Two of the most popular RAID levels for improving performance are RAID 0 and RAID…

19 hours ago

Got cybersecurity tools? Good. Got too many? That may be a problem

Strength in numbers may not apply to cybersecurity tools. In fact, using too many tools…

2 days ago

Getting started with System Center Operations Manager

System Center Operations Manager can monitor your IT resources, but the tool is only as…

2 days ago

Microsoft 365 administration: Creating DNS records for email security

Microsoft 365 administration has many facets, but none is more important than configuring email. Here’s…

2 days ago