How to remediate CVE-2013-3900?

Question

Hi,

When Microsoft released the remediation steps for this vulnerability, the data type of registry value "EnableCertPaddingCheck" = 1 as REG_SZ and we set this value as "REG_SZ" across all computers. However, I can see that Microsoft changed the data type from "REG_SZ" to "REG_DWORD" on Nov 12th, 2024.

So, my question is if we need to set the value again as "REG_DWORD" or having it as "REG_SZ" as per the initial recommendation is enough to arrest this vulnerability.

Any help would be greatly appreciated on this.

Thanks and Regards,

D.Dhanraj

Answer 1

Hello,

Based on the information in the link below, Microsoft recommends that customers test how this change to Authenticode signature verification behaves in their environment before fully implementing it. To enable the Authenticode signature verification improvements, modify the registry to add the EnableCertPaddingCheck value as detailed below. Note that EnableCertPaddingCheck is data type REG_DWORD (an integer value) and not data type string: "EnableCertPaddingCheck"=dword:1.

CVE-2013-3900 - 安全更新程序指南 - Microsoft - WinVerifyTrust 签名验证漏洞

Best Regards,

Hania Lian

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

For issues like this, it’s important to stay up to date with Microsoft’s official guidelines. Regarding vulnerabilities, if you're also handling sensitive data, it's always good to ensure you're following the proper protocols for security and compliance. For example, keeping an eye on resources like Branch County Jail Inmate Lookup or Criminal History can help you stay on top of your environment’s safety and ensure that any potential risks are mitigated. Let me know if you need further insights!