- Jan 21, 2018
- 814
"Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020.
The SHA-1 algorithm was commonly used to code-sign executables and TLS and SSL certificates used on web sites to authenticate a publisher's legitimacy.
In 2015, security researchers released a report detailing how SHA-1 is vulnerable to collision attacks that could allow attackers to create forgeries of digital certificates to impersonate a company or another website.
These forgeries can then be used in phishing attacks, to spoof companies, or in man-in-the-middle attacks to listen in on encrypted network sessions.
Due to the problems with SHA-1 certificates, Microsoft and other developers have been moving away from SHA-1 certificates and requiring SHA-2 to be used to install Windows updates..."
www.bleepingcomputer.com
The SHA-1 algorithm was commonly used to code-sign executables and TLS and SSL certificates used on web sites to authenticate a publisher's legitimacy.
In 2015, security researchers released a report detailing how SHA-1 is vulnerable to collision attacks that could allow attackers to create forgeries of digital certificates to impersonate a company or another website.
These forgeries can then be used in phishing attacks, to spoof companies, or in man-in-the-middle attacks to listen in on encrypted network sessions.
Due to the problems with SHA-1 certificates, Microsoft and other developers have been moving away from SHA-1 certificates and requiring SHA-2 to be used to install Windows updates..."
Microsoft to remove all Windows downloads signed with SHA-1
Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020.
