SHA-1 is a cryptographic hash that is no longer secure. If SHA-1 hashing algorithm is used in digital certificates, an attacker can perform phishing attacks or man-in-the-middle attacks. To keep its users protected, Microsoft yesterday announced that it will retire content that is Windows-signed for SHA-1 from the Microsoft Download Center on August 3, 2020. Microsoft recommends customers to move to SHA-2 algorithm for secure connections.
Beginning in August 2019, devices without SHA-2 support have not received Windows updates. If you are still reliant upon SHA-1, we recommend that you move to a currently supported version of Windows and to stronger alternatives, such as SHA-2.
Customers with legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) should have SHA-2 code signing support installed on their devices to receive updates from Microsoft. You can learn more about it here.