Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 7 Users: You Need SHA-2 Support or No Windows Updates After July 2019 (zdnet.com)

Posted by msmash on from the fyi dept.

Windows 7 and Windows Server 2008 users need to have SHA-2 code-signing installed by July 16, 2019, in order to continue to get Windows updates after that date. Microsoft issued that warning on February 15 via a Support article. From a report: Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to prove authenticity. But going forward, due to "weaknesses" in SHA-1, Microsoft officials have said previously that Windows updates will be using the more secure SHA-2 algorithm exclusively. Customers running Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 must have SHA-2 code-signing support installed by July 2019, Microsoft officials have said.

52 of 146 comments (clear)

  1. Microsoft : You must update to have updates by Anonymous Coward · · Score: 4, Funny

    Update coming to update you so you can get updates. Dawg.

    1. Re: Microsoft : You must update to have updates by Anonymous Coward · · Score: 1

      Bug going foward,

      Important to get new bugs from Microsoft

    2. Re:Microsoft : You must update to have updates by Stormwatch · · Score: 5, Informative

      As much as I like Linux, Windows is still where all the games are.

      --
      Circumcision is child abuse.
    3. Re:Microsoft : You must update to have updates by Shikaku · · Score: 2

      https://store.steampowered.com...

      Steam has Wine built in nowadays, but it's called Proton as part of its internal usage. This is the list that's compatible, and officially they have Proton enabled by default for these titles: https://steamcommunity.com/gam...

      They've also been doing a lot of work and upstreaming features to Wine, like DirectX12 to Vulkan API.

    4. Re:Microsoft : You must update to have updates by Luckyo · · Score: 2

      That has been the story of windows update several times now, where you had to update windows update to get updates.

    5. Re:Microsoft : You must update to have updates by Joce640k · · Score: 1

      As much as I like Linux, Windows is still where all the games are.

      I thought Steam fixed all that.

      --
      No sig today...
    6. Re:Microsoft : You must update to have updates by scdeimos · · Score: 1

      On the plus side, this should be the last set of Windows 10 updates for Windows 7.

    7. Re:Microsoft : You must update to have updates by AmiMoJo · · Score: 1

      There is also a surprising lack of decent file managers for Linux. Certainly nothing on the level of Directory Opus.

      It's very strange. You would think that Linux would be the best at all the nerdy stuff like advanced file management and software development, but actually it lags quite a bit in those areas. Games I don't really care about, but productivity tools...

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re: Microsoft : You must update to have updates by nightcats · · Score: 1

      Ah, yes, the techno-Freudian slip that the editor blithely lets through. Makes a man's cigar glow.

      --
      Development is programmable; Discovery is not programmable. (Fuller)
    9. Re:Microsoft : You must update to have updates by arglebargle_xiv · · Score: 1

      Fast-forward to July 17, 2019, where Slashdot will run a story about Windows 7 systems breaking because they can't download the SHA-2 code signing update to allow them to download SHA-2 signed updates.

    10. Re: Microsoft : You must update to have updates by Billly+Gates · · Score: 1

      And meanwhile folks here playing victim will be foaming at the mouth when July hits blaming Microsoft instead of themselves for refusing to turn Windows update on.

      --
      http://saveie6.com/
    11. Re:Microsoft : You must update to have updates by Highdude702 · · Score: 2

      You obviously haven't even tried to play any games in the last 6 months on linux. Steam is kicking ass with Steam Play, And games that use unity 2 where they removed linux support, still work just as well as windows. Maybe instead of just bashing it you should try it occasionally. So you even have a Linux bootable os? I would doubt it from your rant.

    12. Re:Microsoft : You must update to have updates by Highdude702 · · Score: 3, Interesting

      They are chipping away at it. They have done leaps and bounds with Steam Play. Their dev team isn't half bad it seems.

    13. Re:Microsoft : You must update to have updates by Luckyo · · Score: 1

      It's more of a fast rewind to 2015, when the initial patch for this was released iirc.

    14. Re:Microsoft : You must update to have updates by pezezin · · Score: 1

      I took a look at some Directory Opus screenshots, and what is so wonderful about it that Dolphin doesn't have?

    15. Re:Microsoft : You must update to have updates by Dunbal · · Score: 2

      serious development is done on the command line, and not through some gui

      Mere command line snobbery. Serious cargo hauling is done with a horse and buggy and not these newfangled horseless carriages... You also seem to be equating development with testing. That's like equating eating with defecating. While one certainly depends on the other, they are hardly interchangeable and synonymous.

      --
      Seven puppies were harmed during the making of this post.
    16. Re:Microsoft : You must update to have updates by AmiMoJo · · Score: 1

      Screenshots don't really do it justice... Basically it's like one of the classic two-pane file managers, but each pane is a window and you can have an unlimited number of them. File operations are advanced, such as queued copying, rename with two types of regex, even file selection based on regex, directory structure flattening, multiple scripting languages, rename from metadata, all kinds of stuff.

      Dolphin is more of a basic Explorer/two-pane hybrid. Say you had a folder structure where you wanted to extract all the .html files that are 3 levels deep and move them to an identical structure somewhere else, could Dolphin do it? How about if you needed edit the metadata on a bunch of MP3 files, then rename and sort them into a folder structure along with associated album artwork? Or even something simple like wanting to queue up several large file copies so that your mechanical drives don't end up thrashing like crazy.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:Microsoft : You must update to have updates by EvilSS · · Score: 1

      On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

      Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    18. Re:Microsoft : You must update to have updates by AmiMoJo · · Score: 1

      Command line is never going to cut it for serious development on large projects. If you get a compilation error who wants to dick around manually going to the right file and line to fix it, when a GUI lets them go there in a single click? Who is going to muck about with grep and clever regexs to find all references to a particular function, or worse try to refactor it over the entire project with sed?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    19. Re: Microsoft : You must update to have updates by The+Grim+Reefer · · Score: 1

      And meanwhile folks here playing victim will be foaming at the mouth when July hits blaming Microsoft instead of themselves for refusing to turn Windows update on.

      To be fair, a lot of folks didn't upgrade to Win10 because of telemetry. When Microsoft decided to add it into a Win7 update, that was when a lot of people turned off automatic updates.

    20. Re:Microsoft : You must update to have updates by bobbied · · Score: 1

      lol are people still using Micro$oft Win-Doze?

      Unfortunately, Yes. I have a cable card tuner and I run Windows Media Center to DVR protected content. WMC only runs with protected content on Windows 7. There are no other options for this, except for TiVo, which involves buying a whole new set of hardware and paying subscription fees (or paying the cable company entirely too much for the service).

      Where I don't like running Windows 7 and I'd replace it in a heartbeat, it's the cheapest solution I could find at the time for the cable card DVR and protected content. I've saved a boat load of money over paying the cable company for the service, or paying TiVo. Although, this is coming to an end pretty soon by the looks of things.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    21. Re: Microsoft : You must update to have updates by F.Ultra · · Score: 1

      50? I have 275 games in my Steam right now and thanks to Proton I've just finished both Dead Space games (too bad they never made a 3:d) and Doom 2016. At https://www.protondb.com/ there is a comprehensible list of the games that work with Proton/Steam Play and it's currently at 3867 working titles.

    22. Re:Microsoft : You must update to have updates by F.Ultra · · Score: 1

      Hate the command line all that you want but the AC is right in so far as that I think that since the terminal in Linux is so good that it is the need for a GUI file manager never really emerged. Since the command prompt in Windows is so handicapped the need was so much larger and thus you got several different projects trying to solve it.

    23. Re:Microsoft : You must update to have updates by Highdude702 · · Score: 1

      Half Life 3 confirmed!!

    24. Re:Microsoft : You must update to have updates by Highdude702 · · Score: 1

      Don't use wine, use steams version it's miles ahead and keeps getting better with every client update.

    25. Re:Microsoft : You must update to have updates by Highdude702 · · Score: 1

      Your the one crying about how Microsoft hurts your feelings. Not us. We're just trying to help but like most battered women you keep saying "But I love him" and then we see you the next week with another black eye.

    26. Re: Microsoft : You must update to have updates by Shikaku · · Score: 1

      Honestly the only issue with Linux nowadays are Nvidia cards and ease of use with desktop environments, specifically switching between different ones like XFCE to KDE and handling errors. Everything else is fine. Nvidia drivers are really hit and miss depending on the card, but AMD open sourced their drivers so people or if you want to even you could make them better. Steam Proton is making huge strides nowadays, so the argument that Linux has no games is somewhat true but to a much lesser extent with Steamplay.

    27. Re:Microsoft : You must update to have updates by Luckyo · · Score: 1

      This seems to be the standalone update for those who didn't install the original sha-2 support one from 2015. That one had problems, and MS did originally have a bulletin stating that if you have problems with it, you should uninstall it.

      Fact check me on this:

      https://support.microsoft.com/...

      I could be reading it wrong. But it seems that sha-2 support has been in win7 ever since that patch.

  2. BUg gOing fOward by Anonymous Coward · · Score: 1

    Does no one even care to proofread anymore? Not expecting amazing journalism or anything bug this is ridiculous.

  3. Great Clickbait by Anonymous Coward · · Score: 5, Informative

    Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:

    "Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

    Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "

    tldr; nothing will change for these users

    1. Re:Great Clickbait by sjames · · Score: 5, Funny

      On May 14th they'll roll out the patches again, this time signed with SHA1 so they can actually install. June 11th they'll roll back the accidentally included patch that causes all printers to add a faint watermark of Satya Nadella's butt. In July they'll roll out a patch that makes the sha2 actually verify when it should. Then in August, a patch that makes it NOT verify when it shouldn't. In September they'll re-roll back the Satya Nadella's butt watermark that somehow crept back in in August. In October they'll re-issue the re-rollback patch, this time signed with SHA2 since they removed the SHA1 code in July. In November they'll deny all knowledge of a patch replacing the start-up sound with a braying donkey.

    2. Re:Great Clickbait by Luckyo · · Score: 3, Insightful

      On the bright side, this story is about win7, so reasonable people already defer patching by a week or two to see what crap MS sneaked into the update this time.

    3. Re:Great Clickbait by xonen · · Score: 1

      Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:

      "Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

      Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "

      tldr; nothing will change for these users

      What will change is the pile of 2nd hand computers that will not be able to (automatically) receive updates because they were powered off during this critical period between March and July.

      To me this sounds like a well-thought scheme to increase PC sales. I'd not be surprised if OEM's handed MS some money if they can fix the 2nd hand problem, because people can buy a perfectly functional PC for less than $50.

      --
      A glitch a day keeps the bugs away.
    4. Re:Great Clickbait by thegarbz · · Score: 1

      tldr; nothing will change for these users

      Nothing will change for users who have windows update automatically enabled? You don't say. Just because some users aren't affected doesn't make the article clickbait.

    5. Re:Great Clickbait by sumitsin · · Score: 1

      Some of the most highly promoted features of Windows 7 include new shortcuts designed for managing windows.

    6. Re:Great Clickbait by omnichad · · Score: 1

      Or the bigger period of any Windows reinstall after July. Unless older updates will remain signed with SHA1, which only makes sense.

  4. Too late Microsoft -- you already f**ked me by mnemotronic · · Score: 2, Interesting

    The updates from April 10 update last year bluescreened my 2008 R2 servers. AFAIK, Microsoft still doesn't have a fix. I am f*ed with no possible recovery. I can't say enough bad things about Microsoft's unprofessionalism, inadequate testing, contemptuous customer support, and ignorance of how their half-baked updates negatively impact real-world situations.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  5. Re: Linux actually does have games now. by Anonymous Coward · · Score: 1

    My next gaming rig will be a linux based system

  6. Old patch already addressed this by Anonymous Coward · · Score: 2, Informative

    There is an old patch for windows7 that already added SHA2 code signing: KB3033929. It can still be downloaded directly from microsoft.com without having to enable updates.

  7. I am a Windows 7 user - stopped automatic updates by blind+biker · · Score: 4, Interesting

    I stopped automatic updates a couple of years ago. Microsofto was pushing Windows 10 hard. I realized that, once they stop pushing the Windows 10 installation, they will try to get Windows 7 user give up by pushing shit updates - stuff that will break Windows 7. Don't even try to tell me this is beyond Microsoft, we all know it is right up their alley.

    So, after two years without automatic updates, all my computers (laptops and my desktop) are working without any security issues, including Meltdown that has been contained with patches that make sense vs. the crap that Microsoft pushed the first two times (surely by "mistake").

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  8. Re:Who uses Windows Update? by Type44Q · · Score: 1

    I just air-gap my Windows boxes: double-ought works okay but nothing leaves nice gaps like slugs.

  9. Re:Who uses Windows Update? by thegarbz · · Score: 1

    Found the anti-vaxxer.

  10. Re:Who uses Windows Update? by KiloByte · · Score: 1

    That's actually pretty safe, as long as you have a semi-saneish firewall with a deny-incoming rule (such as most IPv4-only connections (for "deny-incoming", not "sane")). There's no Microsoft _client_ program that's reasonable to run, so all you care about are vulnerabilities in Firefox or such. Barring a hole in low level TCP/IP, network attacks are limited to the local network. Even a hole in eg. Microsoft's implementation of DNS stub resolver can be avoided by running a local cache (no idea what's Windows' equivalent to unbound) then letting the system use that.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  11. What about the patch servers? by Chas · · Score: 1

    Will Microsoft be fixing the situation where their Windows Update servers are carrying fucked up Win7 Manifests?
    The whole reason I got off Win7 was because Windows Updates would run for 12+ hours, then fail out. And you'd have to keep running it until you hit a server with an undamaged manifest.

    --


    Chas - The one, the only.
    THANK GOD!!!
  12. Re:I am a Windows 7 user - stopped automatic updat by Oligonicella · · Score: 1

    Same. When I wrote this here at the time, there were all these "You'll get pwned". Yeah, hasn't happened yet and everything's working fine.

  13. All those evil Programmers making patches by codeDr · · Score: 1

    We've got to plug this hole to stop all those evil doers from corrupting our patches and computing correctly signed patches with SHA-1!!!

    Said no-one, ever.

  14. Re: Are you running unpatched, or did you migrate? by Highdude702 · · Score: 1

    You also have employees that would be beaten by a rock mentally? Man I thought I was the only one that had to deal with that issue. Sadly this is not sarcasm :(

  15. Re:Linux actually does have games now. by Dunbal · · Score: 3, Insightful

    Being able to load a game != play and enjoy a game without graphics issues, framerate issues, disk issues, sound issues... etc

    --
    Seven puppies were harmed during the making of this post.
  16. Re: Note on dwminit.dll by reboot246 · · Score: 1

    But I deleted Windows to save my sanity.

  17. Re:Who uses Windows Update? by omnichad · · Score: 1

    A bit slimy, though.

  18. Re:I am a Windows 7 user - stopped automatic updat by blind+biker · · Score: 1

    I read those comments. Might have gotten one myself. Along the lines "as soon as you boot your box will be owned."

    Well, I rather not be owned by Microsoft.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  19. Re:Linux actually does have games now. by lpq · · Score: 1

    Not to mention "anti-cheat" software that disables your game access because they don't like programs you have on your disk. You can't even report or diagnose problems, as that is part of what it bans -- any debugger or system monitor even anti-virus and anti-malware suites may be on their banned list.

    You can't even run some programs like Microsoft's ProcessMonitor any time before playing the game because those programs load drivers to inspect and monitor your system. Thus anti-cheat engines like XIGNCODE by Wellbia won't let you run the "protected games" even if you exit the program -- since the drivers can't
    be unloaded without a reboot.

    Turns out they and other companies have no technical support -- the game company contracts from a general PC-support company that can only help try to find what is wrong with your computer in not being able to connect. They have no ability to look at the game servers or or knowledge about the game software. Any debugging they do is general PC-health+hygiene related.

    Even with all the HW in place, you find you have to disable your security and system monitoring software, to assuage their fears.