WinVerifyTrust Signature Validation Vulnerability

Question

I got this WinVerifyTrust Signature Validation Vulnerability from a vulnerability scanner in SharePoint servers and other servers and its height Severity, which means it must solve.

Below are details of this vulnerability:

Plugin Name: 

• WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)

Plugin Output: 

• Nessus detected the following potentially insecure registry key configuration:

Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck 

From the Plugin Output, it sounds like we need to add this key to the registry, but I can't find the path of this key in the registry.

Answer 1

WinVerifyTrust Signature Validation

To close this vulnerability simply add a key to the registry EnableCertPaddingCheck and set it to 1 for the path you get from the Plugin Output.
The below Steps is the Solution for WinVerifyTrust Signature Validation Vulnerability:

1) Paste the below text to notepad or any text editor then save the file to .reg extension such as "WinVerifyTrust.reg"
For 32-bit:

Windows Registry Editor Version 5.00  
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]   
"EnableCertPaddingCheck"="1"  

For 64-bit:

Windows Registry Editor Version 5.00  
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]   
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] 
"EnableCertPaddingCheck"="1"

2) Run the file you created by double-clicking.

3) Check the two paths in the registry as shown in the image.

You must reboot the server for your changes to take effect

---

References:

• https://learn.microsoft.com/en-us/security-updates/securityadvisories/2014/2915720