Microsoft began an aggressive six-month campaign in March of this year to switch the digital signature on all operating system and product updates from using Secure Hash Algorithm 1 (SHA-1) to SHA-2. This required installing the current SHA-2 algorithms in all the operating systems so they could read and deploy the newly signed patches.
Microsoft took a phased approach using both dual-signed patches in conjunction with the SHA-2 operating system upgrades where needed. The campaign should come to completion next week with operating system releases for Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 signed only with SHA-2. SHA-1 was an excellent algorithm when originally released but the latest advances in high speed computing have put its security at risk, so Microsoft rightfully moved to the latest security standard in SHA-2.