Security News > 2020 > August > Microsoft reprieves SHA-1 deprecation in Edge 85 security baseline
Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled "Allow certificates signed using SHA-1 when issued by local trust anchors."
Which may surprise some readers seeing as the United States National Institute of Standards and Technology deprecated SHA-1 in 2011 and Microsoft banished it from its Internet Explorer and Edge browsers in 2017.
"Microsoft Edge forbids certificates signed using SHA-1 by default, and the security baseline is enforcing this to ensure Enterprises recognize that allowing SHA-1 chains is not a secure configuration," wrote Microsoft security chap Rick Munck.
The new baseline for Edge 85 also adds a policy titled "Define a list of protocols that can launch an external application from listed origins without prompting the user" that will mean users will be given an option to always allow browsers to spawn local apps.
Microsoft rates its full list of Edge policies a 313-minute read. But we've all got time on our hands right now so why not jump in? .
News URL
https://go.theregister.com/feed/www.theregister.com/2020/08/31/microsoft_edge_sha_1_revival/
Related news
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)