EnableCertPaddingCheck

Richard Realejo 1 Reputation point
2022-11-07T21:14:10.617+00:00

Hello,
The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines.
I've read that the solution is to add the following to the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

My question is, will this create a REG_SZ string value or a DWORD value, and which one should it be?

TIA

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,780 questions
{count} votes

6 answers

Sort by: Most helpful
  1. 2023-04-18T19:08:16.5833333+00:00

    trying making sure the 1 is a DWORD and not REG_SZ

    2 people found this answer helpful.
    0 comments No comments

  2. jandec 6 Reputation points
    2022-11-08T06:48:02.443+00:00

    Hi,
    When following the instructions and creating the .reg files as published in https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2013-3900, the registry keys are created as REG_SZ.

    HTH

    1 person found this answer helpful.

  3. Matt D. Sardi 35 Reputation points
    2023-03-24T12:41:41.0933333+00:00

    These registry keys will not remediate this issue. I have another request open for Microsoft to provided an updated and correct solution.

    1 person found this answer helpful.

  4. Machado, Claudemar (contracted) 0 Reputation points
    2023-01-17T19:16:51.5733333+00:00

    Hi, once I have created as REG_SZ, should I use content number 1 or the word "enable". ?


  5. Walsh, Liam 36 Reputation points
    2023-05-31T10:49:25.41+00:00

    What is the impact of this change? (apart from satisfying a vulernability scanner)