What is SHA-1 and SHA-2, and deprecation of SHA-1?
SHA-1 & SHA-2 are algorithms a certificate uses to sign binaries, and Guardian also signs its binaries in the products. Guardian has been using dual (SHA-1 & SHA-2) code-signing for its products.
According to an announcement, Microsoft will no longer allow certificate providers to issue SHA-1 supported certificates. The SHA-1 hashing algorithm used for code-signing of Guardian products has expired on June 4, 2021, and we will use new credentials that only support the SHA-2 algorithm.
What will be the change in Guardian products?
All new software packages, hotfixes, or security patches of Guardian products created after June 4, 2021 will use only SHA-2 Certificate for code-signing. Please note: The changes do not affect any user experience and if you regularly install Windows updates, you do not have any action item.
What do I need to do?
Please find below the action items that are needed to be performed on specific operating systems:
Recommendation
We recommend using the latest version of operating systems to avoid the risk of exploits targeting vulnerabilities of the operating system. Windows operating systems that Microsoft no longer supports can be potentially vulnerable as Security patches/updates are not released for this operating system by Microsoft.
Reference
Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
Guardian Support
Still, have queries? You can reach out to us at +91-86696-67399 or write to us at support@guardianav.co.in. You can also click here for further assistance.