Share via

EnableCertPaddingCheck

Richard Realejo 1 Reputation point
Nov 7, 2022, 9:14 PM

Hello,
The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines.
I've read that the solution is to add the following to the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

My question is, will this create a REG_SZ string value or a DWORD value, and which one should it be?

TIA

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,858 questions
{count} votes

7 answers

Sort by: Most helpful
  1. Oct 10, 2023, 11:19 AM

    If a DWORD is required instead of instead of REG_SZ just run following as a *.bat file

    @echo off

    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config" /v "EnableCertPaddingCheck" /t REG_DWORD /d 1 /f

    reg add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config" /v "EnableCertPaddingCheck" /t REG_DWORD /d 1 /f

    0 comments No comments

  2. Geoff Vass 0 Reputation points
    Nov 15, 2024, 1:42 AM

    Microsoft has clarified the value is a REG_DWORD

    https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2013-3900

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.