Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March

Topic

New Reply

Remember the dire warning, back last November, that you had to install a forthcoming Win7 security patch in order to continue to receive security patc
[See the full post at: Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March]

9 users thanked author for this post.

Lori, FakeNinja, Joulia.S, Fred, SueW, Pepsiboy, Myst, Elly, abbodi86

Reply | Quote

Replies

Thanks Woody. It sounds like March will be a good month to take special heed of the DefCon rating!

Reply | Quote

not issuing this patch would be a sneaky way of forcing a migration from Win7. Of course MS would not think that way

Reply | Quote

Shrug. I don’t mind, as long as it’s not in a Rollup only.

1 user thanked author for this post.

Charlie

Reply | Quote

I really don’t get why it’s taken so long for this to happen with Windows.  SHA-1 support was removed from apt a couple of years ago, meaning that Ubuntu, Debian and other Linux distributions required SHA-256 minimum.

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

I consider Windows 98 or ME to be “Legacy”.  I never thought of anything that is 10 years old to be legacy.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

Never?

You didn’t think Windows 3.0 was legacy yet when Windows 2000 came out?

Reply | Quote

Windows 3.0 was outdated practically from the time it was released.  Try not to get Legacy and Antique confused.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

“Legacy” indeed! Sounds like the old “Propaganda Sandwich” thing…two truths with a twist in between. (“Down, Legacy Peasant! To the curb with ye!”)

Take heart, all, this should be an easy patch….er, sorry… (slaps face).

But seriously, this is really overdue.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

2 users thanked author for this post.

Myst, GoneToPlaid

Reply | Quote

Since this is a must-have patch, will this be the one where they sneak in something unannounced which will “help” the user to upgrade to Win 10 next year?

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

This must have patch also must have as many taking the time to look for anything nefarious from Redmond riding along with said patch and doing the unannounced to any windows 7 systems.

Also:

Some Laptops with older Discrete Mobile GPU/graphics hardware that worked fine under windows 7 and 8/8.1 will simply not have those  GPU’s drivers be in any way manner or form vetted/certified to work properly with windows 10. laptops that where sold when windows 7 was relatively new, to even middle aged, have discrete mobile GPUs that are now considered legacy GPU hardware by their Makers and thus recieve no fruther updates and were never vetted or certified  to properly work for the types of changes that windows 10 has undergone under the hood and on the surface.

Windows 8/8.1 is just windows 7 under the hood for the most part with that TIFKAM UI tacked on for 8/8.1! So maybe Redmond will have to be forced to offer some windows 7 laptop users the option of purchasng  windows 8.1 in place upgrades from 7 least that older GPU hardware not have any available drvers that work with windows 10. Maybe even offer some OEM 8.1 version licensing options and some documantation on how to get the drivers copied over from any windows 7 recovery media that shipped with the laptop.

I’d like to find out if there are legal methods of forcing Microsoft to offer some consumers the option of purchasing extended windows 7 securuty updates like MS offers to its Enterprise/Volume Licensing customers. Microsoft still has to provide for Windows 8.1 security updates anyways until 2023  and most of the windows 8.1 security patches directly port back to windows 7 with little code refactoring needed, so similar are the 7 and 8/8.1 OS versions at the kernel/windows device driver model levels.

Microsoft will be forcing more folks to have no other option but to go with some Linux Distro in hope that their still working laptop with that older GPU hardware can be made to fuction under Linux after 7 goes EOL.

There are some fortunate business laptop customers that where able to purchase laptops, at the hight of the windows 8, before it was replaced by 8.1, usage where the business laptops came with the Pro version of windows 8 with the Windows 8 Pro License sticker on the laptop! Those Windows 8 Pro Business Laptops  came with  Windows 7 Pro downgrade rights and the Business Laptop OEMs where not too shy, at that time, in offering/applying that Windows 7 Pro Downgrade at the factory before the laptop was shipped. So come 2020 some Business laptop owners have the rights to 8/8.1 via that windows 8 Pro license sticker on their Busness laptops.

I have one business grade laptop that came with a Windows 8 Pro License and the Laptop’s OEM excerised that Windows 7 Pro downgrade right at the factory and that Laptop’s OEM shipped the laptop with 2 sets of recovery DVDs, one for windows 7 Pro and one for Windows 8 Pro. And both the recovery DVDs have the proper vetted/certified GPU drivers for the discrete mobile GPU that shipped with the laptop.

Desktop PC users have it so good as they can just upgrade their GPU by removing the old GPU from the PCIe slot and plugging a new one in that’s been certified to work with the latest Windows OS. Laptop users, except for rare laptop SKUs, are stuck with the discrete mobile GPU that’s soldered onto the laptop’s Motherboard.

1 user thanked author for this post.

johnf

Reply | Quote

Oh yeah, that.

I happen to have one laptop… well, luggable workstation… at home… (a Dell) that was never supported even with Windows 7. Officially Vista or older. Yes, I tried to find the drivers manually anyway, never got everything to work on 7. (SD card slot, for example.)

But, it’s an excellent system for running Linux, all the integrated devices work too.

The discrete nVidia GPU (the only one, it predates the dual integrated/discrete craze,) has been out of support on Windows for years now. On Linux, it still has official driver support, and that’s not counting the opensource drivers.

I mean, it isn’t like GPUs are the only “important” hardware people may have. Seen more problems with SD card slots and on modern devices even RS232… and some people really need the FireWire and…

Reply | Quote

Not unless they bring back  the free upgrade promo.  You can’t sneak in an OS upgrade and then send in the BSA for piracy.

Reply | Quote

It is pretty funny that M$ refers to Win7 as legacy now. As usage numbers indicate a virtual tie between W7 and W10, imo I think that more people would be buying W7 units over W10 if M$ still allowed the sales of it. This begs the question:  Which OS is really legacy? :>)

2 users thanked author for this post.

Kranium, Charlie

Reply | Quote

I agree with Seff #327816 and March will be a good month for taking my very good time before patching. See first what, why, and how much grief this change brings along before it is fixed. Not that is a bad thing to do, but MS has not been particularly good at changing things, for as long as I can remember (and that is really long). As for the “legacy” thing: a revealing choice of words, but not worse than the rest of what is going on with Windows in general, so: not something worth my worrying about.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Hmm.  Does this mean that a fresh Win7 install from existing media won’t be able to obtain the 500-odd updates in future?  Or will we just get hold of this patch first (along with the latest SSU, e.g. KB3177467)?

Tony H.
Bristol UK

P.S. One of Gartner’s researchers once defined legacy as ‘the programmer is dead or should be’!

Reply | Quote

It probably means you will have to download and install the patch offline before you can update from Windows Update or WSUS.

1 user thanked author for this post.

OscarCP

Reply | Quote

All updates are dual signed sha1/sha2 since late 2014 or starting 2015
so the new WU infastructure will still work with them

not sure if thesame applies about older updates (sha1 only)

2 users thanked author for this post.

Kranium, PKCano

Reply | Quote

woody wrote:

Remember the dire warning, back last November, that you had to install a forthcoming Win7 security patch in order to continue to receive security patc[See the full post at: Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March]

Woody,

SO, will this updatebe available as a KB number in Windows Update Catalog, or will we have to get it some other way? Not trying to rush things, just trying to stay informed for when the time is right.

Dave

Reply | Quote

They will have to distribute it somehow through Windows Update for the general non-business people. Otherwise, most people would miss it, not knowing how to download from the catalog.

2 users thanked author for this post.

Myst, OscarCP

Reply | Quote

What did I tell you a couple days postings ago.  ”  All hands on deck” .  In order to force all W7 users to get W10 they will  use all personnel to throw up road blocks and  other things .  They will in the mean time  neglect W10 and put out sloppy patches while concentrating on W7`s demise because they know millions of W7 users won’t be switching.

Reply | Quote

This is not a roadblock. It is necessary for security and should have been done before this.

6 users thanked author for this post.

walker, abbodi86, Chris B, Myst, OscarCP, SueW

Reply | Quote

I’m not sure I agree. Windows has gone without it for a while, and there are, to my knowledge, no fake updates out in the wild. It also would be a smaller burden to just keep both setups running, or at least keep the old one running and putting out a single update that then allows you to install the rest.

The time to move off of SHA-1 was a couple years ago, when the web itself moved off of it. It seems weird that they are doing it now. What has happened that makes them suddenly decide security on updates matters?

Reply | Quote

@PKCano:  I have been in a hospital for quite some time, and I am now attempting to get back to where I ended (about 2-9-19).  I don’t know of anyone who is more knowledgeable than you are, and you have been a Godsend in helping me.

I presently only have 2 Important updates listed (not including the MSRT & Win Def Update).  These are as follows:

KB4487078     64.2 MB  Security & Quality Rollup for .NET, pub. 2-12-29.

KB 4486565    240.8MB  Security Monthly Quality Rollup for Win7 for 64 based systems

Could you please, please provide the information I need for these two?  I need your help desperately.  You are the BIGGEST STAR we have, and I cannot thank you enough for your invaluable help to all of us.  Thank you, thank you, thank you.

Reply | Quote

walker wrote:

KB4487078 64.2 MB Security & Quality Rollup for .NET, pub. 2-12-29.
KB 4486565 240.8MB Security Monthly Quality Rollup for Win7 for 64 based systems

@walker.
You can install both of those updates plus MSRT & Win Def Update. You should be fine.

1 user thanked author for this post.

Lori

Reply | Quote

@PKCano:  I thank you so very, very much for the information which will allow me to get back to a starting point.     You are a “TRUE GEM“, PK, and I shall never be able to adequately express my gratitude for your invaluable information.     Thank you, thank you, and thank you once again!

Reply | Quote

Micro$oft can do whatever they like, I’m not giving up Win 7!!! I’ll run it without updates. Been doing that for most of 2018. Picking and choosing my updates based on what I’ve read on here. Woody, the Patch Lady and others have helped greatly. Win 7 isn’t going away, just because Micro$oft wants it to. New software and old will still work on it. The same way it still works with XP. My guess is ( and only me guessing ) much of Win 10 code is the same as Win 7 and that both are partly old Win NT and/or Win 2000. If true,,, everything is “legacy”.

Reply | Quote

With less than 1 year of support remaining, Windows 7 and Server 2008 / R2 _are_ legacy.

Reply | Quote

“Legacy” or not, people should keep in mind, and plan accordingly as soon as possible, that come the end of life of Windows 7 next January, and possibly even before:

If a printer breaks, there may be no printers to be found with Windows 7 drivers.

Application software “for Windows 7” may no longer be supported.

Security patches will no longer be available, except, perhaps, in some dire situations, as has happened with Windows XP after it ceased to be supported by MS.

So, although none of this might happen very fast, given the large number of people one can expect will be still using Windows 7 after its EOL, nevertheless, as time goes by, there will be more and more such problems, and their solutions might be increasingly harder to find. In consequence, functionality will be gradually lost.

So I would like to suggest now that, at Woody’s, someone opens a forum (not a thread) on the problems I have outlined above and others of the same nature, when the EOL of Windows 7 is already getting very closer. “Transitioning from Windows 7 ” could be its title.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I will concede in part to what you have mentioned, but the sky won’t be
falling on January 2nd. of next year. Win 7 will work in the same way it does
now. As time goes by, yes,,, hardware will be harder to find as suppliers
inventories change over. Namely the drivers for hardware.
Application/program software will have a much long way to go. Case in point, is the fact many of them still support Windows XP. In some rare cases, Windows 2000 security patches have become a joke. They are the very reason most of us come to this site and forum, to find the truth about security updates. I have put my trust into much wiser people than myself, to inform me what I should and shouldn’t do. EOL will come to Win 7, it just won’t happen overnight. Everyone will have to make a decision of, when and what to do next. For me it’s Linux Lime. A year from now, I could still be using Win 7 or maybe Lime, but that’s my decision not someone else’s!

 

Edited for HTML. Please use the “Text” box for copy/paste

1 user thanked author for this post.

columbia2011

Reply | Quote

What would be the outcome if a non computer person didn’t know of the update or receive it thru normal “Windows Update” to install?

Reply | Quote

It will be published thru normal “Windows Update” to install

Reply | Quote

window 7 SHA 2 should it be installed now or wait

Reply | Quote

You should wait until the DEFCON number for the March patches is 3 or above. The SAH-2 requirements do not take effect until July or August, so NOW isn’t necessary.

Reply | Quote

Win 7 SP1 SHA-2 patch is KB4474419

Reply | Quote