How to remediate WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)

Matt D. Sardi 35 Reputation points
2023-03-24T12:40:01.15+00:00

Good morning,

I have been working to remediate this vulnerability by adding the proposed keys to two of my test servers; however, Tenable continues to show that these servers are still vulnerable despite both registry keys being added and set to enable or disable.

To clarify, I have created a .reg file and imported them as is, enabled, and disabled, and then rebooted the servers, to no avail.

Is there an updated remediation for this as clearly the addition of the following keys does not resolve the issue?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

Thanks!

Windows Server

1 answer

  1. Anonymous
    2023-03-24T13:10:49.82+00:00

    I'd confirm your results with Tenable first; then, if needed, you can report the vulnerability here.

    https://msrc.microsoft.com/

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    2 people found this answer helpful.
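
To see what is actually stored on a server after importing the .reg file from the question, this added PowerShell example (not part of the original thread, and not Microsoft's or Tenable's code) reads EnableCertPaddingCheck from the 64-bit and 32-bit registry views and reports its type and data. The helper name Get-PaddingCheckState and the MatchesThread column are hypothetical, and the script makes no claim about which value type a scanner expects.

```powershell
# Added example (not from the thread): show how EnableCertPaddingCheck is stored.
$SubKey    = 'Software\Microsoft\Cryptography\Wintrust\Config'
$ValueName = 'EnableCertPaddingCheck'

function Get-PaddingCheckState {   # hypothetical helper name
    param([Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View)

    # Open HKLM in an explicit view so a 32-bit shell is not silently
    # redirected to Wow6432Node when it asks for the native key.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key   = $base.OpenSubKey($SubKey)   # read-only; $null if the key is absent
        $state = [ordered]@{
            View = $View; KeyExists = ($null -ne $key)
            ValueExists = $false; Kind = $null; Data = $null; MatchesThread = $false
        }
        if ($null -ne $key) {
            try {
                if ($key.GetValueNames() -contains $ValueName) {
                    $state.ValueExists = $true
                    $state.Kind = $key.GetValueKind($ValueName)   # String = REG_SZ, DWord = REG_DWORD
                    $state.Data = $key.GetValue($ValueName)
                    # The .reg file in the question writes the string "1".
                    $state.MatchesThread = ($state.Kind -eq 'String' -and $state.Data -ceq '1')
                }
            } finally { $key.Dispose() }
        }
        [pscustomobject]$state
    } finally { $base.Dispose() }
}

# Registry64 is the native key; Registry32 is the Wow6432Node key on 64-bit Windows.
[Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32 |
    ForEach-Object { Get-PaddingCheckState -View $_ } |
    Format-Table -AutoSize
```

The script only reads the registry, so it can be run before and after importing the .reg file to compare the two states.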
