Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020. Security researchers released a report in 2015 that found that the algorithm is vulnerable to collision attacks that could allow attackers to create forgeries of digital certificates to impersonate a company or another website. These forgeries can then be used in phishing attacks, to spoof companies, or in man-in-the-middle attacks to listen in on encrypted network sessions. Microsoft and other developers have been moving away from SHA1 certificates and requiring SHA-2 to be used to install Windows updates.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-all-windows-downloads-signed-with-sha-1/