March 31st 2023
Ref: BleepingComputer
Interesting article by Lawrence Abrams that caught my eye.
A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still “opt-in” after all these years. Even worse, the fix is removed after upgrading to Windows 11.
A registry fix has been supplied within the article:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
The author goes on to share his feedback:
I enabled the optional fix, used the computer as usual throughout the day, and did not run into any issues that made me regret my decision.
While this may cause an issue with some installers, like Google Chrome, not showing as signed, the added protection is worth the inconvenience.
Will Dormann reveals troubling Authenticode findings over on Twitter.
Both Windows 10 and 11 are affected, but there is no mention of whether earlier and subsequent Windows Server editions will be affected. (I’d imagine so.)
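Because the article says the fix is removed by an upgrade to Windows 11, it is worth re-checking the setting afterwards. The following PowerShell audit is an added example, not code from the article or from Microsoft; it reads both registry locations used in the .reg file above. The function name and output fields are hypothetical, and it assumes the data "1" means enabled whether it is stored as a string or as a number.

```powershell
# Added example: audit the opt-in EnableCertPaddingCheck setting.
# Only the registry paths and the value name come from the page;
# Test-CertPaddingCheck and its output fields are hypothetical names.
# Run from 64-bit PowerShell: a 32-bit process is redirected to Wow6432Node.
$Paths = @(
    'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config',
    'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)
$ValueName = 'EnableCertPaddingCheck'

function Test-CertPaddingCheck {
    foreach ($path in $Paths) {
        $state = 'KeyMissing'
        $data  = $null
        $kind  = $null
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            if ($key.GetValueNames() -contains $ValueName) {
                $data = $key.GetValue($ValueName)
                $kind = $key.GetValueKind($ValueName)
                # Assumption: string "1" (what the .reg file writes) or
                # numeric 1 both count as enabled.
                $state = if ("$data" -eq '1') { 'Enabled' } else { 'NotEnabled' }
            }
            else {
                $state = 'ValueMissing'
            }
        }
        # One result object per registry location
        [pscustomobject]@{
            Path  = $path
            State = $state
            Data  = $data
            Kind  = $kind
        }
    }
}

$results = @(Test-CertPaddingCheck)
$results | Format-Table -AutoSize

# Flag the machine if either location is not enabled
# (on 32-bit Windows the Wow6432Node key is expected to be missing).
$notEnabled = @($results | Where-Object { $_.State -ne 'Enabled' })
if ($notEnabled.Count -gt 0) {
    Write-Warning "$ValueName is not enabled in $($notEnabled.Count) location(s)."
}
```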