Microsoft will stop support for .NET Framework 4.5.2, 4.6, 4.6.1 on April 26, 2022

Microsoft announced that multiple versions of the .NET Framework signed with the traditional, insecure Secure Hash Algorithm 1 (SHA-1) will stop supporting next year.

According to Jamshed Damkewala, the chief engineering manager of .NET, the .NET framework 4.5.2, 4.6, and 4.6.1 will stop support on April 26, 2022, and no updates including security fixes or technical support will be provided for these versions at that time. The only exception is the .NET Framework 4.6 version built into Windows 10 Enterprise LTSC 2015, and its support will be extended until October 2025, when the operating system reaches End of Support.

In addition, Microsoft also recommends that .NET developers migrate their applications to at least .NET Framework 4.6.2 or later before April 26, 2022, in order to continue to receive security updates and technical support. Both .NET Framework 4.6.2 and 4.8 are stable versions and have good compatibility. If the application is built using the .NET framework 4-4.6.1, in most cases, it can continue running in 4.6.2 and later without recompilation or relocation.

The reason for this is that these versions are digitally signed with certificates that use the traditional SHA-1 encrypted hash algorithm, and this algorithm is now proven to be insecure. Attackers can forge numbers through SHA-1 vulnerabilities to impersonate a company or website. After the Windows update signature changed to use the SHA-2 algorithm, the Microsoft Download Center removed all Windows-signed SHA-1 content in August 2020. And, starting on May 9th of next month, all major Microsoft services and programs (including code signing, file hashing, and TLS certificates) will fully use the SHA-2 algorithm.