Windows 7 Users: You Need SHA-2 Support or No Windows Updates After July 2019

Windows 7 and Windows Server 2008 users need to have SHA-2 code-signing installed by July 16, 2019, in order to continue to get Windows updates after that date. Microsoft issued that warning on February 15 via a Support article. From a report: Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to prove authenticity. But going forward, due to "weaknesses" in SHA-1, Microsoft officials have said previously that Windows updates will be using the more secure SHA-2 algorithm exclusively. Customers running Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 must have SHA-2 code-signing support installed by July 2019, Microsoft officials have said.

Microsoft : You must update to have updates

Update coming to update you so you can get updates. Dawg.

Re:Microsoft : You must update to have updates

[Stormwatch]

As much as I like Linux, Windows is still where all the games are.

Re:Microsoft : You must update to have updates

[Shikaku]

https://store.steampowered.com...

Steam has Wine built in nowadays, but it's called Proton as part of its internal usage. This is the list that's compatible, and officially they have Proton enabled by default for these titles: https://steamcommunity.com/gam...

They've also been doing a lot of work and upstreaming features to Wine, like DirectX12 to Vulkan API.

Re:Microsoft : You must update to have updates

[Luckyo]

That has been the story of windows update several times now, where you had to update windows update to get updates.

Re:Microsoft : You must update to have updates

[Highdude702]

You obviously haven't even tried to play any games in the last 6 months on linux. Steam is kicking ass with Steam Play, And games that use unity 2 where they removed linux support, still work just as well as windows. Maybe instead of just bashing it you should try it occasionally. So you even have a Linux bootable os? I would doubt it from your rant.

Re:Microsoft : You must update to have updates

[Highdude702]

They are chipping away at it. They have done leaps and bounds with Steam Play. Their dev team isn't half bad it seems.

Re:Microsoft : You must update to have updates

[Dunbal]

serious development is done on the command line, and not through some gui

Mere command line snobbery. Serious cargo hauling is done with a horse and buggy and not these newfangled horseless carriages... You also seem to be equating development with testing. That's like equating eating with defecating. While one certainly depends on the other, they are hardly interchangeable and synonymous.

Great Clickbait

Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:

"Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "

tldr; nothing will change for these users

Re:Great Clickbait

[sjames]

On May 14th they'll roll out the patches again, this time signed with SHA1 so they can actually install. June 11th they'll roll back the accidentally included patch that causes all printers to add a faint watermark of Satya Nadella's butt. In July they'll roll out a patch that makes the sha2 actually verify when it should. Then in August, a patch that makes it NOT verify when it shouldn't. In September they'll re-roll back the Satya Nadella's butt watermark that somehow crept back in in August. In October they'll re-issue the re-rollback patch, this time signed with SHA2 since they removed the SHA1 code in July. In November they'll deny all knowledge of a patch replacing the start-up sound with a braying donkey.

Re:Great Clickbait

[Luckyo]

On the bright side, this story is about win7, so reasonable people already defer patching by a week or two to see what crap MS sneaked into the update this time.

Too late Microsoft -- you already f**ked me

[mnemotronic]

The updates from April 10 update last year bluescreened my 2008 R2 servers. AFAIK, Microsoft still doesn't have a fix. I am f*ed with no possible recovery. I can't say enough bad things about Microsoft's unprofessionalism, inadequate testing, contemptuous customer support, and ignorance of how their half-baked updates negatively impact real-world situations.

Old patch already addressed this

There is an old patch for windows7 that already added SHA2 code signing: KB3033929. It can still be downloaded directly from microsoft.com without having to enable updates.

I am a Windows 7 user - stopped automatic updates

[blind+biker]

I stopped automatic updates a couple of years ago. Microsofto was pushing Windows 10 hard. I realized that, once they stop pushing the Windows 10 installation, they will try to get Windows 7 user give up by pushing shit updates - stuff that will break Windows 7. Don't even try to tell me this is beyond Microsoft, we all know it is right up their alley.

So, after two years without automatic updates, all my computers (laptops and my desktop) are working without any security issues, including Meltdown that has been contained with patches that make sense vs. the crap that Microsoft pushed the first two times (surely by "mistake").

Re:Linux actually does have games now.

[Dunbal]

Being able to load a game != play and enjoy a game without graphics issues, framerate issues, disk issues, sound issues... etc