Windows 10

Next Windows 10 Update Will Bring the End of Recognizing SHA-1 As Secure

Edge hero

Microsoft has announced that with the Anniversary update with Windows 10, the company will no longer recognize that SHA-1 is secure in Edge and Internet Explorer. In February of 2017, the company will also block SHA-1 signed TLS certificates in an effort to protect end users from websites that appear to be secure but can be easily compromised.

SHA stands for Secure Hash Algorithm, and the hash function is no longer secure and can be easily cracked. Because Edge and IE still show these sites as secure, it can provide a false sense of security when browsing web pages using this type of algorithm to secure data, as it can be compromised for as little as $2.10.

After the Anniversary update is released, if you navigate to a page using SHA-1, you will still be able to browse the site, but the URL bar will not show the lock icon indicating that it is not secure. In addition to Windows 10, for Internet Explorer 11 on Windows 7 and 8.1, these browsers will show the website as insecure as well.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

It is worth noting, for those using Internet Explorer 11, this will only impact certificates that chain to a CA in the Microsoft Trusted Root Certificate program.

If you are an admin and your website is currently using SHA-1, it is important that you update your security certificates as soon as possible to make sure that your site is protected, so that it will not throw an insecure flag after Microsoft releases the update.

You can read more about SHA-1 deprecation on Microsoft’s official blog post detailing the announcement.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: