
Windows patches and SHA1

Windows download URLs contain a SHA1 checksum as part of the URL:

http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsserver2003-kb824141-x86-enu_90853a52ea80f7da3c5460ef102ade3.exe

You can download the file and then use the SHA1 checksum from the URL itself to validate that the file downloaded correctly. Sounds like a good idea. It is, until MS screw up the SHA1 in the URL.

# openssl sha1 windowsserver2003-kb824141-x86-enu_90853a52ea80f7da3c5460ef102ade3.exe
SHA1(windowsserver2003-kb824141-x86-enu_90853a52ea80f7da3c5460ef102ade3.exe)= bfa8072aa29dbe552f952cdb42b1f635072ae081

This is a list of filenames that I've discovered where the SHA in the URL file does not match that computed.

['windowsserver2003-kb824141-x86-enu_90853a52ea80f7da3c5460ef102ade3.exe',
 'msjavwu_8073687b82d41db93f4c2a04af2b34d.exe',
 'windowsserver2003-kb835732-x86-enu_9c2348f833ade0cca439ec6b2a92179.exe',
 'windowsmedia9-kb819639-x86-enu_57af369562f19dc35e69681660521fb.exe',
 'windowsserver2003-kb828741-x86-enu_1e3156bf5ec0354f542c38f309bab49.exe',
 'windowsserver2003-kb819696-x86-enu_41cdc8619ebb756106ea383c055530d.exe',
 'windowsserver2003-kb825119-x86-enu_329e94ea193be4c2d2f8d9bfc4daf23.exe',
 'windowsserver2003-kb840374-x86-enu_eeafbc20c2402b1c951d155d3d2cb9c.exe',
 'windowsserver2003-kb837001-x86-enu_0a248bb59a71c52a288c837779ac98e.exe',
 'windowsserver2003-kb823980-x86-enu_7f97e0d2355f670acb9384ad0933515.exe',
 'windowsserver2003-kb824146-x86-enu_f759bdcfdc906b0b35ad697a29ed1a1.exe',
 'windowsserver2003-kb823559-x86-enu_d8d3b25c5678c692e29cf971a6c38fa.exe',
 'windowsserver2003-kb824105-x86-enu_c7fd830ee6b1c3bb594be4f7a61f43c.exe',
 'windowsserver2003-kb828028-x86-enu_52dce385c001ce81c2514c3fb1cac7e.exe',
 'windowsserver2003-kb828035-x86-enu_d1df77e311740d6c012bcda5a7f821f.exe',
 'directx9-kb819696-x86-enu_977f8cc86c1e151a0168d1296210913.exe',
 'windowsserver2003-kb830352-x86-enu_d67acb6c784dd87961c8070943dadd8.exe',
 'sql2000-kb815495-8.00.0818-enu_4c77bb3f492fb1670b90b477d674e7e.exe',
 'windowsserver2003-kb823182-x86-enu_c7ee6a3716815554656d98ed9bc85d5.exe',
 'windowsxp-kb883939-x64-enu_9e1efe32675530155c34f7af1172a6d496e1e5ee.exe',
 'ndp10_sp_q321884_en_0fc8b14a073e01a03c27c948d254feedaa79feae.exe']
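
The check described above as a script, going beyond the single openssl call: it pulls the hex string out of the file name, hashes the file, and reports embedded values that are not 40 hex characters separately, since those can never equal a full SHA-1. This is an added example, not the author's code; the function names and status labels are made up for illustration.

```python
import hashlib
import re
import sys
from pathlib import Path

# Trailing "_<hex>" before the extension, as in the URLs on this page.
SUFFIX = re.compile(r"_([0-9a-fA-F]+)\.[A-Za-z0-9]+$")
SHA1_HEX_LEN = 40  # SHA-1 is 160 bits = 40 hex characters


def embedded_digest(name):
    """Return the lowercase hex string embedded in the file name, or None."""
    m = SUFFIX.search(name)
    return m.group(1).lower() if m else None


def sha1_of(path, chunk=1 << 20):
    """Stream the file through SHA-1 so large patches need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check(path):
    """Classify one download: 'ok', 'mismatch', 'bad-length' or 'no-digest'."""
    claimed = embedded_digest(Path(path).name)
    if claimed is None:
        return "no-digest", None, None
    actual = sha1_of(path)
    if len(claimed) != SHA1_HEX_LEN:
        # Cannot be a full SHA-1, so the name itself is wrong, whatever the file.
        return "bad-length", claimed, actual
    return ("ok" if claimed == actual else "mismatch"), claimed, actual


if __name__ == "__main__":
    failed = False
    for arg in sys.argv[1:]:
        status, claimed, actual = check(arg)
        print(f"{status:10} {arg}\n  url : {claimed}\n  file: {actual}")
        failed |= status != "ok"
    sys.exit(1 if failed else 0)
```

Run it as `python check_sha1.py *.exe` (script name assumed). A result of ok only means the file agrees with its URL, which is an integrity check, not proof of who published the file.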
  • Last modified: 2015/05/19 12:07
  • by brett