Microsoft removes all downloads of Windows from the Microsoft Download Center signed using SHA-1 certificates on August 3, 2020.
The SHA-1 algorithm was commonly used to sign executable file code, and TLS and SSL certificates are used on websites to authenticate a publisher.
In 2015, security researchers published a report which details how SHA-1 is vulnerable to attacks that could allow attackers to create forgeries of digital certificates to impersonate a companys or other website.
These forgeries could then be used in phishing attacks, corporate forgeries or man-in-the-middle attacks.
Due to problems with certificates SHA-1, Microsoft and other developers are starting to use them and demand its use SHA-2 to install Windows updates.
In a new newsletter released yesterday, Microsoft says it is withdrawing all Windows content signed with the Secure Hash 1 (SHA-1) algorithm from the Microsoft Download Center for added security.
"SHA-1 is an old cryptographic hash that many in the security community believe is no longer secure. "Using the SHA-1 algorithm in digital certificates could allow an attacker to falsify content, carry out phishing attacks or man-in-the-middle attacks."
Note that although Microsoft only supports SHA-2 signed content in official content, SHA-1 signed Windows executables will be able to run on operating system.
So if you have previously signed files with SHA-1 and you still use them, you must download them before Microsoft removes them on August 3rd.