Microsoft Download Center
| Microsoft Download Center | |
|---|---|
| Project status | Special case |
| Archiving status | In progress... |
| IRC channel | (on EFnet) |
The Microsoft Download Center is one of Microsoft's platforms to distribute software and patches.
2020 removal of SHA-1-signed content
On 2020-07-28, Microsoft published the following announcement:
SHA-1 Windows content to be retired August 3, 2020
To support evolving industry security standards, and continue to keep you protected and productive, Microsoft will retire content that is Windows-signed for Secure Hash Algorithm 1 (SHA-1) from the Microsoft Download Center on August 3, 2020. This is the next step in our continued efforts to adopt Secure Hash Algorithm 2 (SHA-2), which better meets modern security requirements and offers added protections from common attack vectors.
SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Microsoft no longer uses SHA-1 to authenticate Windows operating system updates due to security concerns associated with the algorithm, and has provided the appropriate updates to move customers to SHA-2 as previously announced. Accordingly, beginning in August 2019, devices without SHA-2 support have not received Windows updates. If you are still reliant upon SHA-1, we recommend that you move to a currently supported version of Windows and to stronger alternatives, such as SHA-2.
This announcement was hidden away in Microsoft's community forums and was made less than a week before the removal. Notably, no notice was shown anywhere in the Download Center itself.
There does not appear to be any way to determine whether a particular file is affected without downloading and analysing it.
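One way to do that analysis once a file has been downloaded, as an added example (not from the original page and not a Microsoft tool): the Python below reads the Authenticode signature embedded in a PE file (.exe, .dll) and reports the digest algorithms its PKCS#7 SignedData declares. It assumes "affected" means SHA-1 appears there, which the announcement does not spell out; the function names and `SAMPLE` are constructed for this example.

```python
import struct

# DER-encoded OID bodies of the hash algorithms (1.3.14.3.2.26 is SHA-1)
OIDS = {bytes.fromhex("2b0e03021a"): "sha1",
        bytes.fromhex("608648016503040201"): "sha256",
        bytes.fromhex("608648016503040202"): "sha384"}
# Constructed sample: minimal ContentInfo whose digestAlgorithms is {sha1}
SAMPLE = bytes.fromhex("301f06092a864886f70d010702a0123010020101310b300906052b0e03021a0500")

def tlv(buf, pos):
    """Return (value_start, value_end) of the DER element at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def signed_data_digests(pkcs7):
    """Names of SignedData.digestAlgorithms in a PKCS#7 ContentInfo."""
    p, _ = tlv(pkcs7, 0)         # ContentInfo SEQUENCE
    _, p = tlv(pkcs7, p)         # skip contentType OID
    p, _ = tlv(pkcs7, p)         # [0] EXPLICIT wrapper
    p, _ = tlv(pkcs7, p)         # SignedData SEQUENCE
    _, p = tlv(pkcs7, p)         # skip version INTEGER
    p, end = tlv(pkcs7, p)       # digestAlgorithms SET
    names = []
    while p < end:
        a, p = tlv(pkcs7, p)     # AlgorithmIdentifier; p moves to the next one
        o, oe = tlv(pkcs7, a)    # its algorithm OID
        names.append(OIDS.get(pkcs7[o:oe], pkcs7[o:oe].hex()))
    return names

def pe_signature_digests(pe):
    """Digest algorithms of each Authenticode entry in a PE; [] if unsigned."""
    nt = int.from_bytes(pe[0x3C:0x40], "little")     # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = nt + 24                                    # optional header start
    dirs = opt + (112 if pe[opt:opt + 2] == b"\x0b\x02" else 96)  # PE32+ / PE32
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: cert table, file offset
    names, end = [], off + size
    while off + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
        if length < 8:
            break
        if ctype == 2:                               # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            names += signed_data_digests(pe[off + 8:off + length])
        off += (length + 7) & ~7                     # entries are 8-byte aligned
    return names
```

A result of `['sha1']` from `pe_signature_digests(open(path, 'rb').read())` marks a file whose primary signature uses SHA-1; nested (dual) signatures, the signer certificate's own signature algorithm, and non-PE packages such as MSI, CAB or MSU are not examined.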