Security News > 2020 > August > Microsoft reprieves SHA-1 deprecation in Edge 85 security baseline
Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled "Allow certificates signed using SHA-1 when issued by local trust anchors."
Which may surprise some readers seeing as the United States National Institute of Standards and Technology deprecated SHA-1 in 2011 and Microsoft banished it from its Internet Explorer and Edge browsers in 2017.
"Microsoft Edge forbids certificates signed using SHA-1 by default, and the security baseline is enforcing this to ensure Enterprises recognize that allowing SHA-1 chains is not a secure configuration," wrote Microsoft security chap Rick Munck.
The new baseline for Edge 85 also adds a policy titled "Define a list of protocols that can launch an external application from listed origins without prompting the user" that will mean users will be given an option to always allow browsers to spawn local apps.
Microsoft rates its full list of Edge policies a 313-minute read. But we've all got time on our hands right now so why not jump in? .
News URL
https://go.theregister.com/feed/www.theregister.com/2020/08/31/microsoft_edge_sha_1_revival/
Related news
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Microsoft says Edge browser is now 9% faster after optimizations (source)
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Network Security at the Edge for AI-ready Enterprise (source)
- Widespread Microsoft Entra lockouts tied to new security feature rollout (source)
- Microsoft ends Authenticator password autofill, moves users to Edge (source)