OR Microsoft removes all their downloads Windows from Microsoft Download Center signed using certificates SHA-1 on August 3, 2020.
The algorithm SHA-1 commonly used to sign executable file code and TLS and SSL certificates are used on websites to authenticate a publisher.
In 2015, security researchers published a report which describes in detail how SHA-1 is vulnerable to attacks that could allow intruders to forge digital certificates to impersonate a company or other site.
These forgeries could then be used in phishing attacks, corporate forgeries or man-in-the-middle attacks.
Due to problems with certificates SHA-1, the Microsoft and other developers start not using them and demand its use SHA-2 to install updates of Windows.
In a new newsletter published yesterday, the Microsoft states that it withdraws all content Windows signed with Secure Hash algorithm 1 (SHA-1) from Microsoft Download Center for more security.
"The SHA-1 is an old cryptographic hash that many in the security community believe is no longer secure. The use of the algorithm SHA-1 digital certificates could allow an attacker to falsify content, carry out phishing attacks or man-in-the-middle attacks. "
Note that although the Microsoft only supports content signed with SHA-2 in the official content, executable Windows signed with SHA-1 will be able to run on the operating system.
So if you have previously signed files with SHA-1 and you are still using them, you must download them before the Microsoft on August 3th.
Intelspy: Perform automatic network scans
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators