This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines.
I've read that the solution is to add the following to the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
My question is, will this create a REG_SZ string value or a DWORD value, and which one should it be?
TIA
These registry keys will not remediate this issue. I have another request open for Microsoft to provided an updated and correct solution.
I too have the same issue that the registry values do not remediate the issue. Please post the fix; IF MS actually provides you with an answer.
Have you confirmed this? Any update from your request to Microsoft?
Hi Matt, why are you affirming this? Can you share more information with us?
trying making sure the 1 is a DWORD and not REG_SZ
Hi,
When following the instructions and creating the .reg files as published in https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2013-3900, the registry keys are created as REG_SZ.
HTH
thank you
Hi, once I have created as REG_SZ, should I use content number 1 or the word "enable". ?
All documentation for this CVE says to set the value to either zero which represents false or 1 which represents true.
False = disabled
True = enabled
However, these reg keys do not remediate this vuln. I am still waiting on a proper fix to remediate microsoft's vulnerability.
What is the impact of this change? (apart from satisfying a vulernability scanner)