• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Microsoft Responds as Hackers Target SHA-1 Vulnerability

Heads up: Edge and Internet Explorer users may have noticed a slight uptick in the number of downloads dubbed untrustworthy by those browsers so far this year. The reason? Effective January safe_data1, Microsoft changed Windows’ default settings so many files downloaded from the Internet bearing an SHA-1 code signature are viewed as suspicious.

Late last year, there were rumblings that SHA-1 encryption was on the fast track to being cracked. Should that have happened, it would have left anything protected by that coding open to being accessed and manipulated by hackers and cyber crooks. While the use of SHA-1 has long been looked at as the opposite of a “best practice,” these threats spurred Microsoft and others to double down on efforts to get users to modernize wherever possible. This includes updating to modern browsers designed to work with new, more effective coding, such as SHA-256 or greater. Also, it means migrating any internal certificate infrastructures away from SHA-1 and over to something more secure.

As far as scope goes, this change will only impact new files. Any files timestamped and released before that January 1 date will continue to be marked as trustworthy by browsers. In addition, signatures verified by Code Integrity are immune from this modification.

It’s important to note that users will still be able to download and access any of the files thought to be untrustworthy. The purpose of this change is to alert them about the increased risks which may lie ahead. If they so choose, customers can override or alter the settings imposed by this change to better suit their needs.

This is the case right now, but long term is a different story. Come January 1, 2017, Windows will automatically block SHA-1 signatures. There is a possibility that end date will come much sooner, however. Microsoft and other browser makers have considered moving it all the way up to June 2016.

The path to a safer, more modern IT environment

Whatever the end date, it’s critical to begin the process of weeding out any legacy systems likely to be affected by this change as soon as possible. That way, when the time does come, business can carry on as per usual – without any heightened fears of attacks.

The Arraya Solutions team is well-versed in identifying and securing weak points in any IT infrastructure. Our team will work with onsite IT to plan out and execute the necessary changes. We can help businesses make the jump to modern browsers such as IE11 or Edge, or leave behind vulnerable and outdated tools such as Windows XP or 2003. If customers issue their own, SHA-1-based certificates for internal use, our team stands ready to assist them with upgrading their internal PKI to use a SHA-256 or greater.

If you’re ready to start a conversation, our team can be reached at http://www.arrayasolutions.com/contact-us/. We’re also available to answer any of your SHA-1 or general IT infrastructure questions through our social media accounts. Be sure to reach out to us on Twitter @ArrayaSolutions, on LinkedIn, or on Facebook.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}