
Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based certificates after 2016.

Does it mean that all signatures created with the SHA-1 algorithm will not be valid?
Or will only certificates that use the SHA-1 algorithm not be valid in newer operating systems?

Volodymyr Bezuglyy

1 Answer


The latter.

It would be very strange if the cryptographic security provider would not be able to handle PKCS#1 signatures with SHA1 anymore. What will happen is that certificate chain validation will not allow the SHA-1 signature to be used for certificate verification (except for the trusted/root certificate, because these are explicitly trusted in the first place).

As stated in the advisory:

The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016.

This seems to only affect intermediate CA certificates, although I would not be surprised if e.g. IE would also disallow the use of SHA-1 for chain validation for lower intermediate CAs and end user certificates.

The updates also indicate that Microsoft won't allow any certificates to be signed using SHA-1 within a chain for TLS.

As for the "newer operating systems" part of the question: I would expect the policy change to be implemented for all supported platforms (at the time the change is introduced).

Note that the use of SHA-1 for signature verification will be pretty dangerous, especially if the contents can be controlled. This is very much the case when the signature is used for non-repudiation. It is much less the case if the signature is used for e.g. challenge verification in a challenge response protocol where the input is ephemeral and generated by the party that performs the verification.

Maarten Bodewes
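As an added example (not part of either post above), a small Python model of the chain-validation behaviour the answer describes: the trust anchor's own signature algorithm is ignored because the root is trusted explicitly, while a SHA-1 signature on any intermediate or end-entity certificate is rejected for SSL and code signing after January 1, 2016. Certificates are constructed dicts rather than parsed X.509, and the purpose labels and function names are assumptions made for this example.

```python
"""Model of the SHA-1 deprecation rule described in the answer.

Added example, not code from the original post. Certificates are plain
dicts (constructed sample data), not parsed X.509. 'sig_alg' is the OID of
the algorithm the *issuer* used to sign that certificate; the OIDs are the
real PKCS#1 / ANSI X9.62 values.
"""
from datetime import date

SHA1_WITH_RSA = "1.2.840.113549.1.1.5"      # sha1WithRSAEncryption
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"   # sha256WithRSAEncryption
ECDSA_WITH_SHA1 = "1.2.840.10045.4.1"       # ecdsa-with-SHA1
SHA1_OIDS = {SHA1_WITH_RSA, ECDSA_WITH_SHA1}

POLICY_START = date(2016, 1, 1)               # cutoff quoted from the advisory
AFFECTED_USES = {"ssl", "code_signing"}       # purposes named in the advisory (labels assumed)


def check_chain(chain, purpose, today):
    """Return the list of problems for a chain ordered leaf -> ... -> root.

    The last element is the trust anchor. Its own (self-)signature is never
    inspected: it is trusted because it sits in the trust store, not because
    its signature verifies. Every other certificate fails if its issuer
    signed it with SHA-1, once the policy is in force for this purpose.
    """
    problems = []
    if purpose not in AFFECTED_USES or today < POLICY_START:
        return problems
    for idx, cert in enumerate(chain[:-1]):   # skip the trust anchor
        if cert["sig_alg"] in SHA1_OIDS:
            role = "leaf" if idx == 0 else "intermediate"
            problems.append(f"{role} {cert['subject']} is SHA-1 signed by {cert['issuer']}")
    return problems


def chain_is_acceptable(chain, purpose, today=date(2016, 1, 2)):
    """True when chain validation would accept the chain under the policy."""
    return not check_chain(chain, purpose, today)


# Constructed sample chain: SHA-1 self-signed root (exempt), SHA-256 intermediate,
# SHA-1 signed leaf (rejected).
SAMPLE_CHAIN = [
    {"subject": "CN=www.example.test", "issuer": "CN=Example Intermediate", "sig_alg": SHA1_WITH_RSA},
    {"subject": "CN=Example Intermediate", "issuer": "CN=Example Root", "sig_alg": SHA256_WITH_RSA},
    {"subject": "CN=Example Root", "issuer": "CN=Example Root", "sig_alg": SHA1_WITH_RSA},
]

if __name__ == "__main__":
    for problem in check_chain(SAMPLE_CHAIN, "ssl", date(2017, 1, 1)):
        print("REJECT:", problem)
```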