Microsoft Download Center

From Archiveteam
Jump to navigation Jump to search
Microsoft Download Center
Microsoft Download Center logo
Employee captured tearing page.png
Project status Special case
Archiving status In progress...
Project source microsoft-download-center-grab
Project tracker microsoft-download-center
IRC channel #archiveteam-bs (on EFnet)
Project lead Unknown

The Microsoft Download Center is one of Microsoft's platforms to distribute software and patches.

2020 removal of SHA-1-signed content

On 2020-07-28, Microsoft published the following announcement[1]:

SHA-1 Windows content to be retired August 3, 2020

To support evolving industry security standards, and continue to keep you protected and productive, Microsoft will retire content that is Windows-signed for Secure Hash Algorithm 1 (SHA-1) from the Microsoft Download Center on August 3, 2020. This is the next step in our continued efforts to adopt Secure Hash Algorithm 2 (SHA-2), which better meets modern security requirements and offers added protections from common attack vectors.

SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Microsoft no longer uses SHA-1 to authenticate Windows operating system updates due to security concerns associated with the algorithm, and has provided the appropriate updates to move customers to SHA-2 as previously announced. Accordingly, beginning in August 2019, devices without SHA-2 support have not received Windows updates. If you are still reliant upon SHA-1, we recommend that you move to a currently supported version of Windows and to stronger alternatives, such as SHA-2.

This announcement was hidden away in their community forums and only made less than a week before the removal. Notably, no notice was shown anywhere in the Download Center itself.


There does not appear to be any way to determine whether a particular file is affected without downloading and analysing it. Therefore, we decided to simply archive everything on the MDC. User:JustAnotherArchivist retrieved all info and download pages with qwarc (microsoft_download_center_pages_202008). The actual files were retrieved in the microsoft-download-center DPoS project (archiveteam_microsoft_download) and partially by mgrandi ([1]). Or1dow6 created an index of the former at microsoft_download_center_html_index_2020-08.

A continuous archival of new files is planned by User:JustAnotherArchivist but not yet operational.