This is the Trace Id: 37823e371a1b196e4464a4ad2911a21e
Skip to main content Report Security Vulnerability Report Abuse Report Infringement Submission FAQs Reporting Vulnerability Security Update Guide Exploitability index Developer API documentation Frequently Asked Questions Technical Security Notifications Glossary Microsoft Bug Bounty Programs Microsoft Active Protections Program BlueHat Security Conference Researcher Recognition Program Windows Security Servicing Criteria Researcher Resource Center Mission Cyber Defense Operations Center Coordinated Vulnerability Disclosure Social Microsoft Security Response Center Security Research & Defense BlueHat Conference Blog Security Researcher Acknowledgments Online Services Researcher Acknowledgments AI Safety Acknowledgements Security Researcher Leaderboard

Verifying update hashes

MSRC
/ By MSRC /

Some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. This has been most visible in the KB with the addition of the “File hash information” section, but it is also noted in the Frequently Asked Questions (FAQ) section of each bulletin for convenience.

From PowerShell you can easily leverage the .Net Cryptographic Services to define a get-sha256 function like Mike Wilbur has done here. And though it should go without saying, I will say it anyhow - you should not use script or code from untrusted sources.

function get-sha256 {param($file);[system.bitconverter]::tostring([System.Security.Cryptography.sha256]::create().computehash([system.io.file]::openread((resolve-path $file)))) -replace “-”,""
}

Let’s verify the hashes for the MS12-071:

After downloading the msu files we can simply iterate through the directory listing getting the sha2 hash for each file.

If you prefer not to use the .Net Cryptographic Services you could also verify sha1 hashes with the File Checksum Integrity Verifier utility available in KB 841290.

Though most people will not find the need to go to these lengths as automatic updates stream line the process of providing a secure means of distributing updates, we continually work to raise the bar as part of our ongoing drive to evaluate defense-in-depth efforts and provide improvements.

Thank you,

Dustin Childs
Group Manager
Microsoft Trustworthy Computing

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads