Security News > 2020 > August > Microsoft reprieves SHA-1 deprecation in Edge 85 security baseline
Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled "Allow certificates signed using SHA-1 when issued by local trust anchors."
Which may surprise some readers seeing as the United States National Institute of Standards and Technology deprecated SHA-1 in 2011 and Microsoft banished it from its Internet Explorer and Edge browsers in 2017.
"Microsoft Edge forbids certificates signed using SHA-1 by default, and the security baseline is enforcing this to ensure Enterprises recognize that allowing SHA-1 chains is not a secure configuration," wrote Microsoft security chap Rick Munck.
The new baseline for Edge 85 also adds a policy titled "Define a list of protocols that can launch an external application from listed origins without prompting the user" that will mean users will be given an option to always allow browsers to spawn local apps.
Microsoft rates its full list of Edge policies a 313-minute read. But we've all got time on our hands right now so why not jump in? .
News URL
https://go.theregister.com/feed/www.theregister.com/2020/08/31/microsoft_edge_sha_1_revival/
Related news
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Microsoft previews Game Assist in-game browser in Edge Stable (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft: January Windows security updates break audio playback (source)
- Microsoft tests Edge Scareware Blocker to block tech support scams (source)
- Deploying AI at the edge: The security trade-offs and how to manage them (source)
- Cyber agencies share security guidance for network edge devices (source)
- Microsoft Edge update adds AI-powered Scareware Blocker (source)