Skip to content

v2026.07.0016 - Release Notes

Latest

Choose a tag to compare

@FirstEverTech FirstEverTech released this 12 Jul 20:20

🩹 Hotfix Release: v2026.07.0016

🆕 What's Fixed

Certificate Expiration Check Incorrectly Rejected Valid Older Installers

Problem: v2026.07.0015 added a hard certificate-expiration check to Verify-FileSignature:

if ($signature.SignerCertificate.NotAfter -lt (Get-Date)) {
    return $false
}

This rejected any Intel installer whose signing certificate has since expired — including installers that worked correctly in v2026.05.0014 and whose Authenticode signature is still cryptographically valid.

Root cause: Get-AuthenticodeSignature's $signature.Status already correctly evaluates signature validity, taking RFC3161 timestamping into account. A signature timestamped while the certificate was still valid remains authentic and trustworthy indefinitely, regardless of the certificate's current NotAfter date. The added raw NotAfter comparison duplicated — and incorrectly overrode — this logic, since it doesn't check whether the signature was timestamped, only whether the certificate is expired today.

Impact: Older Intel chipset installers with expired signing certificates (common for legacy chipset packages) were flagged as FAIL: Certificate expired and blocked from installing, even though the underlying INF files were fully valid and the signature chain was authentic.

Fix: Removed the manual NotAfter -lt (Get-Date) check entirely. Signature authenticity is now validated solely via:

  1. Signer identity match (one of the 3 recognized Intel certificate patterns, or the FirstEver.tech exception)
  2. Get-AuthenticodeSignature status (already timestamp-aware)
  3. Signature algorithm check (SHA256 preferred, SHA1 accepted — warning only, non-blocking)

No other behavior from v2026.07.0015 was changed — EOL device handling, multi-signer support, the FirstEver.tech exception, credits/ads screen, and parser improvements are all unchanged.

🔧 Full Changelog

Core Updater (universal-intel-chipset-device-updater.ps1)

Signature Verification:

  • Removed manual certificate expiration check (SignerCertificate.NotAfter -lt Get-Date) from Verify-FileSignature
  • Signature validity now relies on Get-AuthenticodeSignature's timestamp-aware Status field, signer identity matching, and algorithm checks only

No changes to EOL parsing, database format, credits screen, or any other v2026.07.0015 functionality.

📋 Release Files

  • universal-intel-chipset-device-updater.ps1 — Main updater script (v2026.07.0016)
  • ChipsetUpdater-2026.07.0016-Win10-Win11.exe — Self-extracting package (includes updated script)
  • intel-chipset-infs-latest.md — Unchanged from v2026.07.0015
  • intel-chipset-infs-download.txt — Unchanged from v2026.07.0015

🔒 Security Notes

  • This is a compatibility fix, not a weakening of security: rejected files were legitimate, unmodified Intel installers. Signature authenticity (signer identity + Authenticode status + algorithm) is still fully enforced — only the redundant/incorrect raw expiration comparison was removed.

📝 Notes

  • Recommended for everyone on v2026.07.0015 who saw FAIL: Digital signature verification - Certificate expired. for installers that previously worked in v2026.05.0014.
  • Backward Compatibility: Fully compatible with existing databases and installer packages; no database changes in this release.

Full changelog →

Download Universal Intel Chipset Device Updater