Windows Vista: No more unofficial updates due to SHA2

Windows Update[German]A brief information for people who still use Windows Vista. Since July 2019 the unofficial approach to install Windows Server 2008 SP2 updates seems to simply doesn't work anymore. But there is a solution.

Windows Vista End of Support, but …

In April 2017 the extended support for Windows Vista expired – I had reported about it in the blog article Windows Vista reached End of Live (April 11, 2017). Microsoft no longer distributes security updates for this operating system.

But the code base used for Windows Vista and Windows Server 2008 is the same. This allows updates for Windows Server 2008 to be downloaded manually from the Microsoft Update Catalog and installed manually under Windows Vista.

SHA-2-Issue: Unofficial patches no longer installable

Blog reader Gero H., who still runs a system with Windows Vista, had posted some lists of unofficial updates here in the blogs. Now Gero has informed me by mail about the following.

There was the possibility to download Server 2008 SP2 updates and install them under Vista. Unfortunately this doesn't work anymore after July 2019 Patchday.

The 2019-07 – Security Quality Update for Windows Server 2008 (KB4507461) and Rollups
2019-07 – Monthly Security Quality Rollup for Windows Server 2008 (KB4507452)
2019-07 Update for Windows Server 2008 (KB4507704)

cannot be installed under my test VM (Vista SP2 x64 Ultimate, update June 2019).

Only the 2019-07 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB4507434) can be installed.

It does not matter if the update script of is used or not. Possibly it could be that after about 2 years Microsoft has now installed another algorithm that recognizes whether it is actually a Server 2008 SP2 system or a Vista.

I have changed the registry in the WindowsNT CurrentVersion key to a server 2008 SP2 datacenter. Furthermore the updates are not installed.

Update nicht installiert

Much more likely it is that Windows Vista has not strapped the support for SHA2. So I downloaded the respective SHA2 support updates for Server 2008 SP2 and tried to install them. The update is rejected with the message "The update does not apply to your system".

Falsches Update-Paket

Windows Vista is now completely unofficially out of support since June 2019. Only Internet Explorer 9 can still be updated (.NET Framework not tested).

Gero sent me some links to his server, where the old updates can still be downloaded. Since this is legally tricky and the support has now come to an end, I do without the links. Thanks to Gero for the hint.

But there is another solution

Gero H. contacted me a 2nd time and outlined a solution to the problem. I add this as a supplement.

I now have a solution to the problem that Windows Vista will no longer install updates from July 2019 due to the lack of SHA2 support.

If you search the net for updates for Server 2008 SP2 you can find this article at Microsoft. There you are referred to the KB4039648, which should guarantee the SHA2 support. Now this update cannot be installed.

However, there is another list which also addresses systems like Windows 7 or Server 2008 R2. There is a SSU update KB4493730 stated "that introduce SHA-2 code sign support for the servicing stack (SSU) was released as a security update." If you install this update, it is possible to install the July 2019 updates. No matter if Security Only or Rollups. That means the SHA2 support is given.

There are two more updates for Server 2008 SP2, this is KB4474419 in v1 and v2. KB4474419 describes "re-released to add missing MSI SHA-2 code sign support". My testsysem (Vista x64 Ultimate VM) does not need this and rejects it with "does not apply to your system". It doesn't matter if v1 or v2 is tried.

So it could happen, if a future update requires parts of the MSI SHA2 code, that it is still not installable, because the update KB4474419 is rejected.

So for now Windows Vista is upgradeable for SHA-2 support, wondering for how long?

This entry was posted in Update, Windows and tagged , . Bookmark the permalink.

3 Responses to Windows Vista: No more unofficial updates due to SHA2

  1. EP says:

    I think you're proven wrong by some Vista enthusiasts, guenni.

  2. g_m_1990 says:

    KB4474419 v2 has been installed on my Vista Business SP2 64-bit VM (NT 6.0.6003, VMware Workstation 15 Player) without any problems.

  3. MRCBR1 says:

    This worked for me. Running Windows Vista Business, Service Pack 2 in a VMware 15.5.1 environment. I downloaded KB4493730 for Windows Server 2008 followed by KB4474419 for Windows Server 2008 from the Microsoft Update Catalog and now Vista picks up the updates from the WSUS server and the Windows Update site.

Leave a Reply

Your email address will not be published. Required fields are marked *