Windows 7 Users: Get this Critical Update (due March)

John Lister's picture

Microsoft has warned an update coming next month is absolutely critical for users running Windows 7. Without it, computers won't be able to use any future Windows security and feature updates, leaving users extremely vulnerable to malware infections (or worse).

It's all to do with a change in the way Microsoft delivers security updates in a secure manner. Whenever Microsoft releases an update, it comes with a digital signature to prove that it came from Microsoft's servers and that the code it contains has not been tampered with.

You can think of these security measures much the same way when you purchase pain reliever from a super market. Oftentimes the medication will come with secure plastic wrap over the top of the bottle and also a security seal inside the cap to prove it hasn't been tempered with - which means it's safe to use. If any of these security measures has been removed, then the medication is not safe to use.

Bogus Security Updates could Mean Rootkit Infections

Ensuring Windows Security updates are genuine is vital to the safety of Windows PCs and its users. If a bogus update were to supersede the way updates are delivered in a secure manner, it could result in malware being implanted deep within the machine, making it impossible to remove. These types of infections are referred to as a rootkit infection.

In this case, antimalware and antivirus would not be able to remove the threats, as it would just keep coming back. The reasoning here is that the malware would infect and control the operating system before the OS has a chance to load into memory. In essence, the malware controls the operating system and anything that runs on top of it (such as antimalware or antivirus software).

Security System Now Vulnerable

Until now, some updates used a technology called Secure Hash Algorithm 1 (SHA-1) to provide sign digital certificates to prove that Windows Updates have not been tampered with. However, SHA-1 was developed as far back as 2002 and is no longer as effective as it used to be. (Source:

That's because SHA-1 encryption can now be defeated by anyone willing to rent a supercomputer (such as Amazon AWS) to crack its code. Instead of taking years to do with a standard PC, it can take anywhere from a few minutes, hours or days on a super computer whereas it could take years on a regular PC.

There's a considerable more secure successor, simply named SHA-2. It works in fundamentally the same way but with some tweaks that make it dramatically harder to crack.

Windows 7 Update a Must Have

The problem is that not all Windows 7 devices support SHA-2 encryption.

On March 12, 2019, Microsoft will issue a stand alone update for Windows 7 that adds SHA-2 support. Users who have updates installed automatically shouldn't need to take any action, but those who manually approve and install updates will need to make sure to get this one. (Source:

From July 16, 2019, Microsoft will only issue security updates to computers that support SHA-2.

Users of later editions of Windows (8.1 and 10) won't need to make any changes. Future updates will switch from using both SHA-1 and SHA-2 to only using SHA-2, but this change will happen behind the scenes as Windows Updates automatically roll out.

Earlier editions such as XP and Vista will not be affected by the SHA-2 update because those systems are no longer supported by Microsoft and therefore do not receive security updates. That makes these systems incredibly dangerous to use.

No More Security Updates for Windows 7 after January 2020

Even with the SHA-2 security upgrade, it's important to remember that Windows 7 will no longer receive security updates past January 2020. That's because Windows 7 reaches its end of life support at that time.

Simply put: anyone running Windows 7 after January 2020 will be extra-vulnerable to hackers, malware, and cyber criminals. To keep receiving updates, users must upgrade their operating system or buy a new PC.

Windows 7 Users: Upgrade to Windows 10 to Keep Security Updates Coming

If you are currently using Windows 7 or 8, you can still get the Windows 10 upgrade for free (with some restrictions). If you need help upgrading your machine, contact Dennis to book an appointment to have your machine upgraded using his remote support service.

What's Your Opinion?

Do you still use Windows 7? If so, do you install updates manually or automatically? Does Microsoft do a good enough job of informing users about serious situations such as this?

Rate this article: 
Average: 4.4 (9 votes)


jamies's picture

Thanks for the information.

Do you know if taking the cumulative fix set (ISO) for April 2019 will allow those using offline update to continue having a system updated.

As in those with only 1GB RAM will be able to continue to update their systems as the online Windows Update seems (well last time I tried using it) to have all other activities terminated in order for Windows Update to run to completion of fix installation within a couple of days without a break in the online connection.

That question would also apply to the many systems that are kept as backup (emergency use) where the owner has a new system that they use as their operational system, and only powerup the old system or initiate the win-7 OS instance - say once a quarter, or even less frequently.

And .. if a win-7 system is being rebuilt from a base manufacturers image, or install media onto a new hard drive (as in the current win-10 system having just failed, needs rebuilding from XP SP1 through having all the licenced software and hardware drivers installed, to take an update to win-7, and then have that updated, in order to then go with the MS update to win-10, allowing "Run in compatibility mode" - Yes, there are some users of old hardware and apps that won't install directly under win10, or even win-7 - so it's XP install offline, then update offline to take 7, then offline update to 7, then update with fixes (almost) to-date, and then allow online to activate.