EnableCertPaddingCheck

Richard Realejo 1 Reputation point
2022-11-07T21:14:10.617+00:00

Hello,
The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines.
I've read that the solution is to add the following to the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

My question is, will this create a REG_SZ string value or a DWORD value, and which one should it be?

TIA

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,856 questions
{count} votes

7 answers

Sort by: Most helpful
  1. 2023-10-10T11:19:36.1266667+00:00

    If a DWORD is required instead of instead of REG_SZ just run following as a *.bat file

    @echo off

    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config" /v "EnableCertPaddingCheck" /t REG_DWORD /d 1 /f

    reg add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config" /v "EnableCertPaddingCheck" /t REG_DWORD /d 1 /f

    0 comments No comments

  2. Geoff Vass 0 Reputation points
    2024-11-15T01:42:57.52+00:00

    Microsoft has clarified the value is a REG_DWORD

    https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2013-3900

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.