Patch Builder V132 Upd Direct

Patch Builder v132 upd deprecates SHA-1 code-signing support entirely. The update integrates with Windows Hardware Certification Kit (HCK) v3 and now requires EV (Extended Validation) code-signing certificates by default for production patches. Unauthorized unsigned patches will trigger an explicit block in deployment.

Solution: Ensure the "baseline version" metadata in your patch matches the exact file hash of the installed version on target machines. Use the Inventory Tool inside v132 upd to generate a reference hash from a clean reference machine.

The "upd" suffix denotes a cumulative update package. Unlike a full major release (e.g., v133), v132 upd sits atop the v132 baseline, incorporating fixes and enhancements without breaking existing build pipelines. Here are the headline changes: patch builder v132 upd

Solution: v132 upd changes how it accesses the Windows Certificate Store. Re-import your EV cert via certlm.msc (Local Machine store → Personal). Then, in Patch Builder → Settings → Signing, click "Refresh Store."

Select your EV certificate. v132 upd now displays the certificate’s expiration and thumbprint. Click Build. Output formats: .exe (self-contained), .msi (for group policy), or native .patch for ConnectWise. Patch Builder v132 upd deprecates SHA-1 code-signing support

For new users, download the full Patch Builder v132 upd offline installer. The setup wizard includes all prerequisites (VC++ Redist, .NET 6.0 runtime, and Windows SDK for manifest generation). No previous version is required.

Prerequisites:

Installation Process: