Preparing for the deprecation of SHA-1 signatures
By Mark Cook
Published: June 20, 2019
In support of our promise to provide best-in-class security to our customers, Microsoft are planning to discontinue support for SHA1 code signing certificates. Background details on the reasons for this and how it will affect you are available at 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
Currently Sysinternals binaries are dual signed using for SHA-1 and SHA-2. As of July 31, 2019, these will be signed using only SHA-2 signatures.
Prior to this date customers running our tools on legacy OS versions will need to install SHA-2 code signing support in order to run the SHA-2 signed versions. Although this support will typically be delivered via Windows Update, standalone security updates are also available for download. Refer to 2019 SHA-2 Code Signing Support requirement for Windows and WSUS for details on these updates