Enable Windows Authenticode signature verification

Microsoft Security Bulletin MS13-098

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

This security update is rated Critical for all supported releases of Windows.

The security update addresses the vulnerability by modifying how the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable files. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the vulnerability later in this bulletin.

https://technet.microsoft.com/library/security/ms13-098

 

For 32-bit versions of Microsoft Windows

Paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension (for example, enableAuthenticodeVerification.reg).

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] 
"EnableCertPaddingCheck"="1"

You can apply this .reg file to individual systems by double-clicking it.

Note You must restart the system for your changes to take effect.

 

For 64-bit versions of Microsoft Windows

Paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension (for example, enableAuthenticodeVerification64.reg).

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] 
"EnableCertPaddingCheck"="1"
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] 
"EnableCertPaddingCheck"="1"

You can apply this .reg file to individual systems by double-clicking it.

Note You must restart the system for your changes to take effect.

 

Impact of enabling the functionality changes included in the MS13-098 update. Non-conforming binaries will appear unsigned and, therefore, be rendered untrusted.

https://technet.microsoft.com/library/security/2915720

 

%d bloggers like this: