Microsoft removes all downloads signed with SHA-1

Microsoft removes all Windows Download Center downloads signed using SHA-1 certificates on August 3, 2020.

The SHA-1 algorithm was commonly used to sign executable file code, and TLS and SSL certificates are used on websites to authenticate a publisher.

In 2015, security researchers published a report which describes in detail how SHA-1 is vulnerable to attacks that could allow intruders to forge digital certificates to impersonate a company or other site.

These forgeries could then be used in phishing attacks, corporate forgeries or man-in-the-middle attacks.

Due to problems with certificates SHA-1, Microsoft and other developers are starting to use them and demand its use SHA-2 to install Windows updates.

In a new newsletter released yesterday, Microsoft says it is withdrawing all Windows content signed with the Secure Hash 1 (SHA-1) algorithm from the Microsoft Download Center for added security.

"SHA-1 is an old cryptographic hash that many in the security community believe is no longer secure. "Using the SHA-1 algorithm in digital certificates could allow an attacker to falsify content, carry out phishing attacks or man-in-the-middle attacks."

Note that although Microsoft only supports signed content with SHA-2 in official content, Windows executables signed with SHA-1 will still be able to run on the operating system.

So if you have previously signed files with SHA-1 and you still use them, you must download them before Microsoft removes them on August 3rd.

Registration in via Email

Enter your email to subscribe to the email notification service for new posts.

Read them Technology News from all over the world, with the validity of

Follow us on Google News at Google news