Alle Beiträge von Mag. Jochen Reckzigel (Redaktion)

2019 SHA-2 Code Signing Support requirement for Windows and WSUS

Quelle: Link

Summary


To protect your security, Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly from Microsoft and were not tampered with during delivery. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.

Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Some older versions of Windows Server Update Services (WSUS) will also receive SHA-2 support to properly deliver SHA-2 signed updates. Refer to the Product Updates section for the migration timeline.

Background details


The Secure Hash Algorithm 1 (SHA-1) was developed as an irreversible hashing function and is widely used as a part of code-signing. Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing. Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues. For more information about of the deprecation of SHA-1, see Hash and Signature Algorithms.

Product updates


Starting in early 2019, the migration process to SHA-2 support will occur in stages, and support will be delivered in standalone updates. Microsoft is targeting the following schedule to offer SHA-2 support. Please note that the timeline below is subject to change. We will update this page as the process begins and as needed.

Target DateEventApplies To
March 12, 2019Stand Alone updates that introduce SHA-2 code sign support will be released as security updates.Windows 7 SP1,
Windows Server 2008 R2 SP1.
March 12, 2019Stand Alone update will be delivered to WSUS 3.0 SP2 that will support delivering SHA-2 signed updates. For those customers using WSUS 3.0 SP2, this update should be installed no later than June 18, 2019.WSUS 3.0 SP2
 
April 9, 2019Stand Alone updates that introduce SHA-2 code sign support will be released as security updates.Windows Server 2008 SP2.
 
June 18, 2019Windows 10 updates signatures changed from dual signed (SHA1/SHA2) to SHA2 only. No customer action is expected for this milestone.
 
Windows 10 1709,
Windows 10 1803,
Windows 10 1809,
Windows Server 2019
 
June 18, 2019Required: For those customers using WSUS 3.0 SP2, the updates should installed by this date.WSUS 3.0 SP2
July 16, 2019Required: Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March and April will be required in order to continue to receive updates on these versions of Windows.Windows 7 SP1,
Windows Server 2008 R2 SP1,
Windows Server 2008 SP2.
July 16, 2019Windows 10 updates signatures changed from dual signed (SHA1/SHA2) to SHA2 only. No customer action is expected for this milestone.Windows 10 1507,
Windows 10 1607,
Windows 10 1703
August 13, 2019Contents of updates for legacy Windows versions will be SHA2 signed (embed signed binaries and catalogs). No customer action is expected for this milestone.
 
Windows 7 SP1,
Windows Server 2008 R2 SP1,
Windows Server 2008 SP2.
September 16, 2019Legacy Windows updates signatures  changed from dual signed (SHA1/SHA2) to SHA2 only. No customer action is expected for this milestone.Windows 7 SP1,
Windows Server 2008 R2 SP1,
Windows Server 2008 SP2,
Windows Server 2012,
Windows 8.1,
Windows Server 2012 R2
 

WSUS 3.0 SP2

For customers using WSUS 3.0 SP2, we recommend that you update your servers with the SHA2 updates for WSUS 3.0 SP2 by June 18th, 2019 to ensure that SHA2 signed updates can be delivered to your enterprise.

Der Support für Windows 7 endet am 14. Januar 2020

Supportlebenszyklus für Windows 7

Microsoft hat sich verpflichtet, 10 Jahre Produktsupport für Windows 7 bereitzustellen, das am 22. Oktober 2009 veröffentlicht wurde. Nach Ablauf dieser 10 Jahre wird Microsoft den Support für Windows 7 einstellen, sodass wir unsere Investitionen auf die Unterstützung neuerer Technologien und großartiger neuer Erfahrungen konzentrieren können. Der Support für Windows 7 endet am 14. Januar 2020. Anschließend sind weder technische Unterstützung noch automatische Updates zum Schutz des PCs verfügbar. Microsoft empfiehlt dringend, vor Januar 2020 zu Windows 10 wechseln, um Situationen zu vermeiden, in denen Sie Service oder Support benötigen, der nicht mehr verfügbar ist.

Quelle: Link

Impact of Oracle to license JAVA as of February 2019 on ServerView Suite

Quelle: Fujitsu – Global Marketing – Product Marketing Server Team

The announcement of ORACLE to license JAVA as of February 2019 also influences some products of the ServerView Suite.

In order to provide these products to our customers also in the future without the need for license fees, Fujitsu is modifying these products so that they can use a Java royalty-free product.
The modification is based on HTML5 or OpenJDK (for details see the table below). This approach causes that customers, using the current ServerView products, will have to update to the
newest versions immediately after release (not later than end of January 2019).
Should an update not be possible or desirable, then these customers will have to start paying license fees for the usage of ORACLE Java. The prices depend on the usage of Java and are listed in the global
ORACLE pricelist.

Oracle Java Lizenzierung

Oracle hat in letzter Zeit eine Reihe von Ankündigungen über Java gemacht, und wie es für die Zukunft veröffentlicht, unterstützt und lizenziert werden soll.

Diese Änderungen lassen sich wie folgt zusammenfassen:

  • Ab Java 11 wird Oracle keine öffentlichen Updates mehr zur Verfügung stellen (also kein kostenloses Patchen).
  • Oracle Java- und OpenJDK-Versionen werden in einem 6-monatigen Rhythmus veröffentlicht und nur die neuesten Versionen erhalten Sicherheitspatches (außer LTS (Long Term Support) kommerzielle Versionen mit Supportvertrag).
  • Öffentliche Updates für Java 8 für die kommerzielle Nutzung sind ab dem 15. Januar 2019 nicht mehr verfügbar.
  • Vollständiger Support und Patches werden für Java 8 (mit Supportvertrag) bis März 2025 verfügbar sein.
  • Oracle Java-Lizenzen werden nun als Jahresabonnement und nicht mehr als unbefristete Lizenz mit Support verkauft.

Wie wird sich das auf Ihre Kunden auswirken?

Die meisten kommerziellen Unternehmen verwenden Java in der einen oder anderen Form. Dies kann sein, um Anwendungen zu unterstützen bei denen ein Java-Client auf dem Desktop läuft, oder eine Anwendung die auf einem Server läuft.

Jede Verwendung der Oracle-Version von Java (von Java.com bezogen) oder von einem ISV, benötigt eine Lizenz, wenn in Zukunft Patches installiert werden. Oder Sie haben ältere Versionen von Java gepatcht, nachdem die öffentlichen Updates zurückgezogen wurden (Da die öffentlichen Updates seit ihrer Einführung nur für die neuesten Versionen von Java verfügbar waren, erforderten die nach der Veröffentlichung der nächsten Version angewandten Patches einen Lizenz- und Supportvertrag). Mit Vorschriften wie GDPR, etc. werden Datensicherheitsanforderungen und damit Patchanforderungen sehr ernst genommen,so dass die meisten Kunden davon betroffen sind.

Möchten Sie mehr erfahren?

Die Java SE Support Roadmap von Oracle enthält Details zur Verfügbarkeit von Patches sowohl für Public Updates als auch für Premier Support, den Release-Zyklus für Versionen und welche Versionen dem Langzeit-Support unterliegen.


Die Roadmap finden Sie hier

Hier geht es zum Java Data Sheet

OracleJava SE Subscription FAQ

BATTERY CHARGING CONTROL UPDATE TOOL

BATTERY CHARGING CONTROL UPDATE TOOL – Aufforderung an die Kunden, das „Battery Charging Control Update Tool“ auf Fujitsu-gefertigte Laptop-PCs anzuwenden

Seit dem 9. Februar 2017 bietet Fujitsu über seine Website ein „Battery Charging Control Update Tool“ für seine zwischen 2010 und 2016 eingeführten Laptop-PCs an, um den Kunden eine sicherere Nutzung ihrer Laptop-PCs zu ermöglichen. Dieses Update regelt die Ladespannung entsprechend der Verschlechterung der Batterie, um jegliche Vorfälle der Batteriezündung zu vermeiden. Dieses Update wird von Fujitsu nun über den Windows Update Service von Microsoft auf alle relevanten Laptop-PCs verteilt.

Helping customers shift to a modern desktop

Quelle: Link

Support for Office 365 ProPlus on Windows 8.1 and Windows Server 2016
Office 365 ProPlus delivers cloud-connected and always up-to-date versions of the Office desktop apps. To support customers already on Office 365 ProPlus through their operating system transitions, we are updating the Windows system requirements for Office 365 ProPlus and revising some announcements that were made in February. We are pleased to announce the following updates to our Office 365 ProPlus system requirements:

  • Office 365 ProPlus will continue to be supported on Windows 8.1 through January 2023, which is the end of support date for Windows 8.1.
  • Office 365 ProPlus will also continue to be supported on Windows Server 2016 until October 2025.

Office 2016 connectivity support for Office 365 services
In addition, we are modifying the Office 365 services system requirements related to service connectivity. In February, we announced that starting October 13, 2020, customers will need Office 365 ProPlus or Office 2019 clients in mainstream support to connect to Office 365 services.

To give you more time to transition fully to the cloud, we are now modifying that policy and will continue to support Office 2016 connections with the Office 365 services through October 2023.

Servicing and support flexibility

Longer Windows 10 servicing for enterprises and educational institutions
In April 2017, we aligned the Windows 10 and Office 365 ProPlus update cadence to a predictable semi-annual schedule, targeting September and March. While many customers—including Mars and Accenturehave shifted to a modern desktop and are using the semi-annual channel to take updates regularly with great success, we’ve also heard feedback from some of you that you need more time and flexibility in the Windows 10 update cycle.

Based on that feedback, we’re announcing four changes:

  • All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
  • All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

In summary, our new modern desktop support policies—starting in September 2018—are:

Changes to the Office 365 ProPlus system requirements (February 1, 2018)

Quelle: Link

Published: February 1, 2018

Office 365 ProPlus delivers cloud-connected and always up-to-date versions of the Office desktop apps. To ensure that customers get the best value from ProPlus and Windows 10 together, we are making the following updates to the ProPlus system requirements for Windows:

  1. To clarify our current support practices for ProPlus running on Windows 10, ProPlus will not be supported on Windows 10 Semi-Annual Channel (SAC) versions that are no longer being serviced per the Windows 10 lifecycle. Office ProPlus will be supported on Windows 10 versions in active servicing and in servicing extensions as outlined here.
  2. Effective January 14, 2020, ProPlus will no longer be supported on the following versions of Windows and Windows Server—this will help customers get the best experience by receiving regular updates to both Windows and Office:
    • Any Windows 10 Long-Term Servicing Channel (LTSC/LTSB) release
    • Windows Server 2012, 2012 R2, and 2016
    • Windows 8.1

Delivering Office 365 ProPlus remotely via Remote Desktop and Virtual Desktop Infrastructure (VDI) continues to be a key scenario for our customers. Microsoft is committed to enabling Office 365 Pro Plus in this scenario along with key Windows 10 experiences like Microsoft Edge, Store for Business, and Cortana. Later this year we will deliver these capabilities within the Semi-Annual Channel release cadence of Office, Windows 10, and Windows Server. Join the Windows Server Insider Program to get early access to these capabilities.

Go here to learn more.