• Windows 7’s Windows Update will no longer work out-of-the-box

    #2286800

    Starting August 2020, unupdated Windows 7 / Server 2008 systems will require manually installing SHA-2 support updates before being able to use Windows Update

    Windows Update on Vista and XP will stop working too

    Windows Update SHA-1 based endpoints discontinued for older Windows devices

    6 users thanked author for this post.
    • #2286802

      If you have KB4474419 installed, you already have the SHA-2 code signing installed on Win7.
      If you are doing a clean install, you will need to install KB4474419 manually before using Windows Update.

      5 users thanked author for this post.
    • #2286804

      That seems terminal for XP and Vista by the wording.
      Playing devil's advocate: what if another EternalBlue-type exploit appears... the catalog won’t work with XP or Vista if it hasn’t been SHA-2 updated.
      Sounds a bit desperate to me, by hook or by crook to get folk onto W10.

      A couple of separate external Win7 EoS fully updated images held in reserve here 😉

      Windows - commercial by definition and now function...
      • #2286837

        Actually, KB4474419 can be installed fine on Vista and it adds the SHA-2 support,
        but the updated WU client contained within it is excluded from installation, therefore you won’t have a working WU

        but you can install updates manually though

        2 users thanked author for this post.
    • #2286810

      will require manually installing SHA-2 support updates

      So why won’t Microsoft install SHA-2 via WU?

      • #2286813

        The patches need verification in order to download and install in the target OS. It’s a security measure for both MS and the recipient. MS can’t change WU on installation DVDs!

        Windows - commercial by definition and now function...
        • #2286819

          @Microfix.

          Sorry, don’t understand your reply.
          Downloading and installing manually doesn’t pose security hazards? How does that protect Microsoft or the client?
          I thought that using WU is the secure way.

          • #2286822

            You can’t use WU without SHA-2 coding enabled.
            Older install media does not have SHA-2 coding.
            You can’t update using WU to download SHA-2 coding b/c you can’t access WU without SHA-2 coding enabled.
            So the only way is to download it and install manually.

          • #2286825

            Yes it poses a security risk but they’ll stop their whole SHA-1 based infrastructure so if you’d like to connect to get their update safely then you have to download the software that makes safe connections possible to their remaining infrastructure – at your own risk.

            Interesting that the advisory says this goes into effect “in late July 2020” but it was still working for me a few days ago (update Win7 from convenience rollup to 2020 January level through WU).

            1 user thanked author for this post.
      • #2286815

        Because

        Windows Update is discontinuing its SHA-1 based endpoints

        therefore you have to install manually SHA-2 to be able to connect to WU endpoints.

        1 user thanked author for this post.
    • #2286835

      They just don’t care.

      You download the update binary and compare its hash to the one published in the advisory and you’re safe.
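
The check this post describes, as an added example (not part of the original post and not a Microsoft tool): it streams a downloaded package through a hash function and compares the result with the digest copied from the advisory. The function names, the SHA-1 opt-in rule and the sample bytes are assumptions of this example; no real update hash is used.

```python
import hashlib
import os
import tempfile

ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}  # hex digest length -> algorithm

def normalize_digest(published):
    """Drop separators and case differences a copied digest may carry."""
    return "".join(ch for ch in published if ch not in " :-\t\r\n").lower()

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash in chunks so a large update package is not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published, allow_sha1=False):
    """Return (ok, reason) for a downloaded file and its published digest."""
    expected = normalize_digest(published)
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or any(c not in "0123456789abcdef" for c in expected):
        return False, "not a SHA-1 or SHA-256 hex digest"
    if algo == "sha1" and not allow_sha1:
        # Choice made for this example: SHA-1 is collision-prone, opt-in only.
        return False, "SHA-1 digest supplied; use the published SHA-256 value"
    actual = file_digest(path, algo)
    if actual == expected:
        return True, algo + " digest matches"
    return False, algo + " mismatch, file hashes to " + actual

def demo():
    """Run the check on a constructed stand-in for a downloaded package."""
    payload = b"constructed sample bytes, not a real update package"
    with tempfile.NamedTemporaryFile(delete=False, suffix=".msu") as tmp:
        tmp.write(payload)
    published = hashlib.sha256(payload).hexdigest().upper()  # constructed value
    try:
        good = verify_download(tmp.name, published)
        with open(tmp.name, "ab") as fh:
            fh.write(b"\x00")  # simulate a corrupted or altered download
        bad = verify_download(tmp.name, published)
    finally:
        os.remove(tmp.name)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the channel the published digest came from, so the digest should be read from the advisory page over HTTPS rather than from the same place the file was downloaded.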

    • #2286847

      As of this writing, my Vista system is still connecting to the Windows Update server:

      [Image: Vista-updates-still-available]

    • #2300532

      Because

      Windows Update is discontinuing its SHA-1 based endpoints

      therefore you have to install manually SHA-2 to be able to connect to WU endpoints.

      It’s not true.

      Nothing needs to be installed to be able to connect to WU endpoints as long as it’s Windows 7 SP1 or higher. Actually nothing can keep it from connecting to WU endpoints. Windows Update cannot be made to deny service by removing KB4474419 or KB4490628.

      The truth is that whenever an OS is affected by the changes pertaining to article 4569557, it cannot be fixed. Whenever an OS is not affected, that means it’s supported and requires no mitigation.

      Particularly Windows 7 RTM and SP1 cannot be treated likewise, and no case exists in which KB4474419 and KB4490628 become prerequisites to even using Windows Update.

      Regards, VZ
