Solved

What is the correct Microsoft Update for fixing SHA-2 on windows server 2008 R2?

Posted on 2014-11-11
9
889 Views
Last Modified: 2014-11-11
Running windows server 2008R2 was told I have to update to SHA-2 from SHA-1.  Found Microsoft article that if you are using automatic windows updates the patch should already be on the server.  All my updates are current but there is no KB2949927 on my installed updates list.  

https://support.microsoft.com/kb/2949927
0
Comment
Question by:kdschool
  • 4
  • 4
9 Comments
 
LVL 8

Accepted Solution

by:
tshearon earned 275 total points
Comment Utility
If I am not mistaken, Windows 2008 R2 already has the Cryptography Next Generation (CNG) Suite B algorithms. SHA2 is part of that.
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 225 total points
Comment Utility
You're not mistaken it has sha-2 .. sha-2 has been supported since windows xp sp3
0
 

Author Comment

by:kdschool
Comment Utility
Is there a way for me to confirm that?
0
 

Author Comment

by:kdschool
Comment Utility
I found this statement.   What does it mean it's up to the individual applications to implement support?

Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:kdschool
Comment Utility
This one is saying it does not have it unless you have the patch.  I can't find a patch that was installed KB 2949927.

https://technet.microsoft.com/en-us/library/security/2949927.aspx
0
 
LVL 8

Expert Comment

by:tshearon
Comment Utility
It just means they have to have interfaced with sha2 in their code instead of some other algorithm.
0
 
LVL 8

Assisted Solution

by:tshearon
tshearon earned 275 total points
Comment Utility
You shouldn't be worried about that update. Likely it was released in error altogether. If you read the bottom of the page you linked:

"Revisions

    V1.0 (October 14, 2014): Advisory published.
    V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available."
0
 

Author Comment

by:kdschool
Comment Utility
So you recommend I just move forward and install the SHA-2 certificate?  I have a deadline of December 31 and they just told me this morning it had to change.
0
 
LVL 8

Assisted Solution

by:tshearon
tshearon earned 275 total points
Comment Utility
I believe you will be fine to do so.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now