EnableCertPaddingCheck

Glenn Maxwell 12,876 Reputation points
2023-02-18T03:44:19.22+00:00

Hi All

I have the CVE-2013-3900 vulnerability (WinVerifyTrust Signature Validation Vulnerability). I need to add the registry values below to fix it.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] "EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] "EnableCertPaddingCheck"="1"


Accepted answer
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-02-18T23:19:37.79+00:00

    Hi @Glenn Maxwell

    Try this script, it works on my machine:

    $registryPath = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Conf"
    $Name = "EnableCertPaddingCheck"
    $value = "1"

    IF(!(Test-Path $registryPath))
        {
        New-Item -Path $registryPath -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType String -Force | Out-Null
        }
    ELSE
        {
        New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType String -Force | Out-Null
        }
    

    Please don't forget to mark helpful answer

    1 person found this answer helpful.

2 additional answers

  1. Nijkamp, Wim 10 Reputation points
    2023-06-16T07:23:30.97+00:00

    I believe the RegistryPath is wrong.

    $registryPath = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Conf"

    This should be:

    $registryPath = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"

    See: https://www.tenable.com/plugins/nessus/166555

    2 people found this answer helpful.
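
An added example, not code from any answer in this thread: it sets the value under both keys named in the question using the `Config` path, then reads each one back and reports whether a `Conf` key created by the script as posted is still present. The helper names are hypothetical, and the String type follows the question's `"1"` notation and the accepted answer.

```powershell
# Added example. Key paths and value name come from the question; the String
# type is an assumption taken from the question's "1" notation. Run elevated.
$name  = 'EnableCertPaddingCheck'
$value = '1'
$roots = @(
    'HKLM:\Software\Microsoft\Cryptography\Wintrust',
    'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust'
)

function Set-CertPaddingCheck {    # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Root, [string]$Name, [string]$Value)
    foreach ($r in $Root) {
        $path = "$r\Config"
        if ($PSCmdlet.ShouldProcess($path, "Set $Name = $Value")) {
            # Create the Config key only when it is missing, then set the value.
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $Name -Value $Value `
                -PropertyType String -Force | Out-Null
        }
    }
}

function Test-CertPaddingCheck {   # hypothetical helper name
    param([string[]]$Root, [string]$Name, [string]$Value)
    foreach ($r in $Root) {
        $path   = "$r\Config"
        $key    = Get-Item -Path $path -ErrorAction SilentlyContinue
        $actual = $null
        $kind   = $null
        if ($key) { $actual = $key.GetValue($Name) }
        if ($null -ne $actual) { $kind = $key.GetValueKind($Name) }
        [pscustomobject]@{
            Path         = $path
            Value        = $actual
            Kind         = $kind
            Compliant    = ("$actual" -eq $Value)
            # True when the misspelled key from the posted script exists.
            StrayConfKey = (Test-Path "$r\Conf")
        }
    }
}

# Add -WhatIf to the first call to preview the changes without writing them.
Set-CertPaddingCheck  -Root $roots -Name $name -Value $value
Test-CertPaddingCheck -Root $roots -Name $name -Value $value | Format-Table -AutoSize
```

A row with `Compliant` false or `StrayConfKey` true means the value was written somewhere other than the key a scanner checks.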

  2. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-02-18T13:02:18.79+00:00

    Hi @Glenn Maxwell

    You can use PowerShell to create the path if it does not exist before the registry key. Below is an example:

    $registryPath = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Conf"
    $Name = "EnableCertPaddingCheck"
    $value = "1"

    IF(!(Test-Path $registryPath))
      {
        New-Item -Path $registryPath -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $name -Value $value `
        -PropertyType DWORD -Force | Out-Null}
    ELSE {
        New-ItemProperty -Path $registryPath -Name $name -Value $value `
        -PropertyType String -Force | Out-Null}

    $registryPath = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Conf"
    $Name = "EnableCertPaddingCheck"
    $value = "1"

    IF(!(Test-Path $registryPath))
        {
        New-Item -Path $registryPath -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType String -Force | Out-Null
        }
    ELSE
        {
        New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType String -Force | Out-Null
        }
    

    The links below may help you:

    New-ItemProperty

    Update or Add Registry Key Value with PowerShell

    Please don't forget to mark helpful answer as accepted

