Microsoft removes all downloads signed with SHA-1

Microsoft removes all downloads of from the Microsoft Download Center signed using SHA-1 certificates on August 3, 2020.

The SHA-1 algorithm was commonly used to sign executable file code, and TLS and SSL certificates are used on websites to authenticate a publisher.

In 2015, security researchers published a report which details how SHA-1 is vulnerable to attacks that could allow attackers to create forgeries of digital certificates to impersonate a s or other website.

These forgeries could then be used in phishing attacks, corporate forgeries or man-in-the-middle attacks.

Due to problems with certificates SHA-1, Microsoft and other developers are starting to use them and demand its use SHA-2 to install Windows updates.

In a new newsletter released yesterday, Microsoft says it is withdrawing all Windows content signed with the Secure Hash 1 (SHA-1) algorithm from the Microsoft Download Center for added security.

"SHA-1 is an old cryptographic hash that many in the security community believe is no longer secure. "Using the SHA-1 algorithm in digital certificates could allow an attacker to falsify content, carry out phishing attacks or man-in-the-middle attacks."

Note that although Microsoft only supports SHA-2 signed content in official content, SHA-1 signed Windows executables will be able to run on .

So if you have previously signed files with SHA-1 and you still use them, you must download them before Microsoft removes them on August 3rd.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).