Windows 7 users must support sha-2 from July for further updates
As of July 16, systems running Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 must have support for sha-2. If they don’t, they will no longer receive updates after that date.
Microsoft has put the schedule online for the sha-2 requirement for Windows and WSUS. The switch is part of the phasing out of the secure hash algorithm 1 which is now considered unsafe for signing code with certificates. Microsoft is therefore switching to the exclusive use of the more secure sha-2 for signing Windows updates.
Therefore, on March 12, Microsoft will start releasing standalone security updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 that add sha-2 support. WSUS 3.0 SP2 can also expect an update from that date, while Windows Server 2008 SP2 will follow from April 9.
As of June 18, Microsoft will switch to sha-2 signing exclusively for recent Windows 10 versions and Windows Server 2019; now there is still dual signing with support for both sha-1 and sha-2. So Windows 10 users don’t need to do anything for sha2 support.
The deadline for Windows 7 and the Windows 2008 variants is then July 16: those who do not yet have sha-2 support will no longer receive updates. As of September 16, Microsoft will switch completely to signing with sha-2 for the older Windows versions.