(http://i.postimg.cc/05nJP3md/sha2windowsupdates.jpg)
Microsoft will begin rolling out SHA-2 standalone updates for Windows 7 and Windows Server 2008 in March in preparation for its July 16 implementation deadline.
Windows 7 and Windows Server 2008 users need to have SHA-2 code-signing installed by July 16, 2019, in order to continue to get Windows updates after that date. Microsoft issued that warning on February 15 via a Support article.
Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to prove authenticity. A bug going forward, due to "weaknesses" in SHA-1, Microsoft officials have said previously that Windows updates will be using the more secure SHA-2 algorithm exclusively. Customers running Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 must have SHA-2 code-signing support installed by July 2019, Microsoft officials have said.
Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.
Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019.
On June 18, Windows 10 updates -- 1709, 1803, 1809 and Server 2019 -- will have their signatures changed from dual-signed SHA-1/SHA-2 to SHA-2 only with no customer action required.
The full cut-over timetable is available on Microsoft's support page (http://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus?ranMID=43674&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-YnOFxvKkBsPQcd6LsRDDMw&epi=je6NUbpObpQ-YnOFxvKkBsPQcd6LsRDDMw&irgwc=1&OCID=AID681541_aff_7795_1243925&tduid=(ir__mulc6yhng9kfrm1x0higqpq2m22xh9ikmhwoivty00)(7795)(1243925)(je6NUbpObpQ-YnOFxvKkBsPQcd6LsRDDMw)()&irclickid=_mulc6yhng9kfrm1x0higqpq2m22xh9ikmhwoivty00).
SHA-1, or Secure Hash Algorithm 1, was introduced by the National Security Agency in 2002. It has been used in SSL certificates, encrypted communications, and code revision-control systems. SHA-2 uses SHA-1's algorithm, but it uses different input and output sizes for far superior security. Microsoft began blocking sites signed with SHA-1 certificates in its Edge and IE browsers back in 2017.
source (http://www.zdnet.com/article/windows-7-users-you-need-sha-2-support-or-no-windows-updates-after-july-2019/?ftag=CAD2e14604)