(MS's KB articles haven't been updated.) Remember that block on Win7 patches this month, on systems with Symantec or Norton antivirus? Looks like Symantec has released a fix and you can now install this month's patches. Through the following tweet by Woody Leonhard I became aware that Symantec has now released an update to solve this problem.
I reported in the blog post Symantec/Norton blocks Windows Updates (SHA-2). The required August 2019 security updates were not offered.
Microsoft has therefore blocked the deployment of the August 2019 updates for Windows 7 SP1 and Windows Server 2008 R2. Symantec has published the KB article Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed. The antivirus solutions only detected updates signed with SHA2 (because of the missing SHA-1 signature) as malware and blocked these packages. However, users of Windows systems that have Symantec Antivirus or Norton Antivirus installed have a problem since the August 2019 patchday. These can only be installed if Windows 7 SP1, Windows Server 2008, Windows Server 2008 R2 and WSUS have been upgraded accordingly (see also WSUS: Endpoint decommissioned SHA2 update required). So far, Microsoft has also provided dual-signed update packages signed with SHA-1 as well as SHA-2.Īs of August 2019, however, the SHA-1 signature in the Windows 7 updates has been completely removed. This is not a problem, because Microsoft has provided the relevant updates to SHA-2 support since months. I've addressed this, among other things, in the blog post Windows 7: From April 2019 'SHA-2-Support' is required. Microsoft has changed the signing of Update for Windows 7 in August 2019 exclusively to SHA-2.