No Windows Updates After July For Windows 7 Users Without SHA-2
Microsoft issued a support article for final implementation of SHA-2 Support to receive Windows Update on Windows operating system platform. Enforced for users of Windows 7 and Windows Server 2008 to have SHA-2 code signing installed by July 16, 2019, or else they won’t receive future updates.
Before Windows OS was using dual-signed both SHA- & SHA-2 hash algorithm to authenticate the updates from Microsoft. This year Microsoft is completely shifting to SHA-2 to avoid the weakness in SHA-1 and to align with industry standards.
The article clearly indicates that Microsoft will be releasing sign Windows updates exclusively for SHA-2 algorithm. Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 users will require having SHA-2 code signing support before July 16. Below is the schedule of Security Updates for SHA-2:
SHA-2 Background Details:
The Secure Hash Algorithm 1 (SHA-1) was developed as an irreversible hashing function and is widely used as a part of code-signing. Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing. Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues. For more information about of the depreciation of SHA-1, see Hash and Signature Algorithms.
Source: Microsoft