Adding SHA-2 Support to Vista SP2 After August 3, 2020

[lmacri]

Further to the 24-Jun-2020 Microsoft support article Windows Update SHA-1 Based Endpoints Discontinued for Older Windows Devices, could someone tell me which updates would have to be applied to a Vista SP2 OS to add SHA-2 code signing support?  After reading the section in that support article titled How to Update Windows Devices to SHA-2 I'm guessing that adding the Windows Server 2008 SP2 updates KB4474419: SHA-2 code signing support update and KB4493730: WU Service Stack Updates are required but I'd just like to confirm.  Also, would adding these Windows Server 2008 SP2 updates change the build of a Vista SP2 machine from 6.0.6002.x (Build 2) to 6.0.6003.x (Build 3) as discussed in the MS support article Build Number Changing to 6003 in Windows Server 2008.

If a Vista SP2 user performs a clean reinstall of their OS after July 2020, does this mean that they will have to add SHA-2 support by manually applying these Windows Server 2008 SP2 updates first, and then apply the 4 or 5 required "speed up" patches recommended on page 1 of page 1 of m#l's thread Updates not working, it has been searching for updates for hours in the MS Answers forum before Windows Update will work correctly and patch their Vista SP2 system back to end of extended support (11-Apr-2017)?
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

[SIW2]

It seems any updates that are only sha1 will not be available. Presumably that would include the updates before vista EOL date.

Might be sensible to d/l the vista updates now, before they disappear.

One way is to use windows patch loader created by ismail at MDL windows patch loader v1.1.3

It can also produce an exportable download list of the updates you currently have installed,

 

Edited July 29, 2020 by SIW2

[Vistapocalypse]

2 hours ago, lmacri said:

...could someone tell me which updates would have to be applied to a Vista SP2 OS to add SHA-2 code signing support?  ...I'm guessing that adding the Windows Server 2008 SP2 updates KB4474419: SHA-2 code signing support update and KB4493730: WU Service Stack Updates are required but I'd just like to confirm.

Confirmed. Those Windows 6.0 updates were released in 2019, so this thread’s title is somewhat perplexing (nothing has changed). You should definitely install the April 2019 SSU first. I would recommend that you then install the September 2019 SSU KB4517134, but I haven’t experimented enough to say that it is “required” for your purposes. Finally, install the latest version of  KB4474419. (The first version had issues.) But if your objective is to salvage Windows Update for Vista, I’m afraid you are barking up the wrong tree.

Any update for Windows 6.0 released in April 2019 or later will change the build number to 6003 (updates for IE9 being the only exception I know of), and it has been found that Windows Update gives “Vista 6003” the cold shoulder - but by all means try it yourself sometime.