Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Changes in Windows Authenticode Signature Verification [Dec 13, 2013]


22 Jan 2014   #1
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 
Changes in Windows Authenticode Signature Verification [Dec 13, 2013]

Does some of you have enable the Authenticode Signature Verification in their Registry settings since this: Microsoft Security Bulletin MS13-098 Vulnerability in Windows Could Allow Remote Code Execution (2893294)

??? ...It has to be done before June 10, 2014 (for those interrested) which i did.

Quote:
Test the Improvement to Authenticode Signature Verification.
Quote:
Microsoft recommends that customers test how this change to Authenticode signature verification behaves in their environment by enabling it prior to June 10, 2014. To enable the Authenticode signature verification improvements, modify the registry to add the EnableCertPaddingCheck value as detailed below.



Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification

Quote:
Published: Tuesday, December 10, 2013 | Updated: Friday, December 13, 2013
Version: 1.1
General Information

Executive Summary

Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until June 10, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after June 10, 2014, Windows will no longer recognize non-compliant binaries as signed.
Recommendation. Microsoft recommends that by June 10, 2014, executables authors ensure that all signed binaries comport with this new verification behavior by containing no extraneous information in the WIN_CERTIFICATE structure. Microsoft also recommends that customers appropriately test this change to evaluate how it will behave in their environments. Please see the Suggested Actions section of this advisory for more information.
Source: Microsoft Security Advisory (2915720): Changes in Windows Authenticode Signature Verification


My System SpecsSystem Spec
.

Reply

 Changes in Windows Authenticode Signature Verification [Dec 13, 2013]




Thread Tools



Similar help and support threads for2: Changes in Windows Authenticode Signature Verification [Dec 13, 2013]
Thread Forum
Office 2013 --OUTLOOK 2013 requires Internet connection to set up Microsoft Office
Solved Verification: Windows 7 Upgrade Retail Disc on new HDD Installation & Setup
Outlook 2013 (Office 2013) Help to De-Uglify Microsoft Office
ATM 2013 (Acronis True Image 2013) with USB3 HDD Backup and Restore
Windows Live Account Blocked - How Do I Obtain Verification Code? Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:09 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33