Windows Update Changes: Here’s How You’re Affected

calendar

August 3, 2020

categories
News
tags
Microsoft update Windows

Content:

Microsoft has today terminated SHA-1 support in its Windows Update service.

SHA-1, short for Secure Hash Algorithm is a cryptographic hash function, designed to secure data by creating a hash which cannot be reversed. It has been considered vulnerable since 2011, and was deprecated by all major browsers in 2017 for secure web connections using SSL.

Most users will not be impacted by the change, as Windows 8 onwards use the newer, more secure SHA-2 hash function by default.

Any OS older than Windows 8 will be impacted by the change.

Patches

Windows 7 and Windows Server 2008 are the only versions of Windows Microsoft has updated, to use the newer hash function. Update KB4474419 adds SHA-2 support to these operating systems. For Windows 7 and Windows Server 2008 SP1, you also need to install KB4490628. Windows Server 2008 SP2 requires KB4493730 instead.

However, these updates themselves must be installed manually, as it is not possible to connect to Windows Update to install them.

Windows Vista/XP/2000

For Windows OS’s older than Windows 7/Windows Server 2008 you’re out of luck. It is no longer possible to connect to the Windows Update site, and therefore, not possible to get updates automatically. There is no patch available, and as these OS’s are long out of support, there will not be one in the future. It’s also worth noting that, as they are out of support, you won’t be missing much without Windows Update.

That is, unless you are performing a fresh install. For this, updates can be accessed manually, using the Microsoft Update Catalog website. The included versions of Internet Explorer on affected systems are unable to connect to SSL enabled websites as, similar to Windows Update on these systems, it does not support newer security methods. As such, this Microsoft site is not accessible.

The downloads themselves, however, are still available without SSL – provided you have the download links, it’s possible to download them directly. The main service pack updates are directly linked below (English versions only):

OSVersionLink
Windows VistaService Pack 1http://www.download.windowsupdate.com/msdownload/update/software/svpk/2008/04/windows6.0-kb936330-x86_b8a3fa8f819269e37d8acde799e7a9aea3dd4529.exe
Windows VistaService Pack 2http://download.windowsupdate.com/msdownload/update/software/svpk/2009/06/windows6.0-kb948465-x86_55f17352b4398ecb4f0cc20e3737631420ca1609.exe
Windows XPService Pack 2http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/xpsp2_33a8fef60d48ae1f2c4feea27111af5ceca3c4f6.exe
Windows XPService Pack 3http://www.download.windowsupdate.com/msdownload/update/software/dflt/2008/04/windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe

For users still reliant on these old versions of Windows, it is advisable to create a slipstreamed install disc, including all updates, to install a fully updated system from the outset.

That said, the reality is that anyone still using these increasingly insecure systems on an internet connected network should really be migrating away anyway. If you don’t like newer versions of Windows, or have old hardware, take a look at my guide to installing Linux instead.

If you like what we do, consider supporting us on Ko-fi