Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: KB4474419 SHA-2 Code Signing Support Update for Windows 7

4 Weeks Ago   #1
Brink

64-bit Windows 10 Pro
 
 
KB4474419 SHA-2 Code Signing Support Update for Windows 7

Quote:
Summary

This update introduces SHA-2 code sign support for Windows 7 SP1, and Windows Server 2008 R2 SP1.

For more information, see the following articles:

2019 SHA-2 Code Signing Support requirement for Windows and WSUS

ADV190009

How to get this update

Method 1: Windows Update

This update will be downloaded and installed automatically.

Note This update is also available through Windows Server Update Services (WSUS).

Method 2: Microsoft Update Catalog

To get the standalone package for this update, see the Microsoft Update Catalog website.



2019 SHA-2 Code Signing Support requirement for Windows and WSUS

Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 Service Pack 2, Windows 10 version 1607, Windows 10 version 1703, Windows 10 version 1709, Windows 10 version 1803, Windows 10 version 1809, Windows 10, Windows Server 2012 Standard, Windows Server 2012 R2, Windows 8.1, Windows Server 2019 all versions, Windows Server Update Services 3.0 Service Pack 2


Summary

To protect your security, Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly from Microsoft and were not tampered with during delivery. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.

Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates. Refer to the Product Updates section for the migration timeline.

Background details

The Secure Hash Algorithm 1 (SHA-1) was developed as an irreversible hashing function and is widely used as a part of code-signing. Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing. Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues. For more information about of the deprecation of SHA-1, see Hash and Signature Algorithms.

Product updates

Starting in early 2019, the migration process to SHA-2 support will occur in stages, and support will be delivered in standalone updates. Microsoft is targeting the following schedule to offer SHA-2 support. Please note that the timeline below is subject to change. We will update this page as the process begins and as needed...

KB4474419 SHA-2 Code Signing Support Update for Windows 7-kb4472027.jpg

WSUS 3.0 SP2

For customers using WSUS 3.0 SP2, we recommend that you update your servers with the SHA2 updates for WSUS 3.0 SP2 by June 18th, 2019 to ensure that SHA2 signed updates can be delivered to your enterprise.


Read more: MicroSoft

See also: KB4474419

Direct download links for KB4474419 MSU file from Microsoft Update Catalog:

Download KB4474419 MSU for Windows 7 32-bit (x86) - 33.7 MB

Download KB4474419 MSU for Windows 7 64-bit (x64) - 52.1 MB




My System SpecsSystem Spec
.
1 Week Ago   #2
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Shawn, does this support requirement relate to this article I saw?

Quote:
Still Using Windows 7? Microsoft's Next Update Is Critical

If you want to continue receiving Windows updates, then the next Windows 7 and Windows Server 2008 update is critical as it adds support for SHA-2 encryption. Without it, future updates can't be downloaded.

Support for Windows 7 is set to end on Jan 14. 2020, but access to Windows updates may end in March if you don't allow your Windows 7 machines to download and install Microsoft's next patch.
Source: PCMag
My System SpecsSystem Spec
1 Week Ago   #3
Brink

64-bit Windows 10 Pro
 
 

Hello @Anak,

Correct, it's related to that article.
My System SpecsSystem Spec
.

1 Week Ago   #4
F22 Simpilot

Windows 7 Ultimate x64
 
 

Can someone post the exact KB for this when it comes out?
My System SpecsSystem Spec
1 Week Ago   #5
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Quote   Quote: Originally Posted by Brink View Post
Hello @Anak,

Correct, it's related to that article.
Thanks Shawn,

Your News posting does say it in its own way:
Quote:
Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019.
Do you know if 'stand alone updates' are delivered through Windows Updates or will we have to 'go get it' say, in the update catalog?
My System SpecsSystem Spec
1 Week Ago   #6
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi

According to the MS blog, its due to be released this Tuesday.


Roy
My System SpecsSystem Spec
1 Week Ago   #7
Brds7t7

Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
 
 

Quote   Quote: Originally Posted by Anak View Post
Do you know if 'stand alone updates' are delivered through Windows Updates or will we have to 'go get it' say, in the update catalog?
I'm guessing it will be pushed through Windows Update. Usually when MS pushes an update which affects future WU functionality, they get pushed through WU. They did that recently with the v2 Oct 2018 Servicing Stack update which stated if it wasn't installed then future rollups wouldn't install properly. They made it a mandatory update through WU, so I'm guessing this will be the same.
My System SpecsSystem Spec
1 Week Ago   #8
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Thanks TW and Brds
My System SpecsSystem Spec
1 Week Ago   #9
Brink

64-bit Windows 10 Pro
 
 

Update:

KB4474419 SHA-2 Code Signing Support Update for Windows 7-kb4472027.jpg


My System SpecsSystem Spec
1 Week Ago   #10
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Thanks Shawn,

I see this was started way back in 2015:
Microsoft security advisory: Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2: March 10, 2015

Microsoft Security Advisory 3033929

3033929 has been on my win 7 box since 03 / 10 / 2015. I haven't seen any updates for today on the microsoft update catalog but there are the ones for 3033929.

information   Information
My mention of KB3033929 does not mean to imply that what we are all waiting for will have that same number. And, the ones linked to above are not the ones we need, I only linked to them for reference.
My System SpecsSystem Spec
Reply

 KB4474419 SHA-2 Code Signing Support Update for Windows 7




Thread Tools




Similar help and support threads
Thread Forum
February 12, 2019 - KB4486564 (Security-only update) for Windows 7
Source: Access Denied Direct download links for KB4486564 MSU file from Microsoft Update Catalog: :ar: Download KB4486564 MSU for Windows 7 32-bit (x86) - 17.9 MB :ar: Download KB4486564 MSU for Windows 7 64-bit (x64) - 29.2 MB
News
January 8, 2019 - KB4480960 (Security-only update) Windows 7
Source: Access Denied See also: KB4487266 KB4487345 Direct download links for KB4480960 MSU file from Microsoft Update Catalog:
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:48.
Twitter Facebook Google+