Symantec cannot handle SHA-2 and breaks Windows 7 and Server 2008 R2

Microsoft withholding updates from machines with Symantec software, because it cannot handle SHA-2 certificates and does stupid things.

Shame about SHA-2: Symantec flunks basic programming Some Windows 7 and Server 2008 R2 users find updates blocked because the anti-virus maker can't manage to make basic coding tweaks in timely fashion. Read more: https://zd.net/2KKrPuM

If only Symantec had any sort of forewarning about Microsoft moving to use SHA-2 signed updates, everything might have gone smoother.

It seems that six months is not enough for Symantec to get its ducks in a row, as its anti-virus software is unable to handle SHA-2 signatures, and led to Microsoft withholding updates from certain devices.

In an update note for Windows 7 and Server 2008 R2, Microsoft said that when a device runs any Symantec or Norton antivirus program, and attempts to install an update signed only with SHA-2, the antivirus program blocks or deletes the update during installation, which could make the operating system stop working.

"Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available," Microsoft said.

"We recommend that you do not manually install affected updates until a solution is available."

For its part, Symantec said an "upcoming version" of Symantec Endpoint Protection would support SHA-2.

Earlier in the year, Microsoft said it was moving away from dual-signing its updates with SHA-1 and SHA-2 due to the weakness of SHA-1.

"Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing," Microsoft said at the time.

"Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues."

Last week, Broadcom picked up Symantec's enterprise security business as well as the Symantec brand name for $10.7 billion.

The remaining portion of Symantec will keep its consumer products, such as Norton.

Reporting its first quarter results at the same time, Symantec said it would cut approximately 7% of its workforce, and disclosed revenue of $1.24 billion.

Related Coverage

Broadcom buys Symantec's enterprise security portfolio for $10.7 billion

The deal gives Broadcom ownership of Symantec's entire enterprise security business as well as the Symantec brand name. Symantec will restructure and cut 7% of its workforce.

Microsoft names top security researchers, zero-day contributors

Yuki Chen of Qihoo 360's Vulcan team named top bug hunter. Palo Alto Networks named top zero-day reporter.

Microsoft August 2019 Patch Tuesday fixes 93 security bugs

Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity.

How to automatically deny UAC elevation requests in Windows 10 (TechRepublic)

To install an app in Windows 10, standard level users are prompted for elevated credentials. With a few tweaks, you can change that behavior to deny such requests.

Microsoft's new vulnerability tracking service is about IT productivity (TechRepublic)

With so many threats and vulnerabilities to deal with, just knowing which actions you should prioritize can be hard. The new Threat & Vulnerability Management service from Microsoft should help.