What is the WinVerifyTrust Signature Validation Vulnerability?
The WinVerifyTrust Signature Validation vulnerability is a remote code execution vulnerability in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An attacker can exploit this vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature.
How to mitigate the WinVerifyTrust Signature Validation Vulnerability?
- Apply the latest security updates from Microsoft. Microsoft has released security updates that address this vulnerability. You can check for updates by going to Windows Update and clicking on Check for updates.
- Use a third-party antivirus or anti-malware solution. A third-party antivirus or anti-malware solution can help to detect and remove malicious files that exploit this vulnerability.
- Be careful about what software you install. Only install software from trusted sources. Avoid opening attachments or clicking on links from unknown senders.
- Enable strict Windows Authenticode signature verification. You can enable strict Windows Authenticode signature verification by adding the following registry keys:
Modify the registry to add the EnableCertPaddingCheck value as detailed below.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config “EnableCertPaddingCheck”=”1”
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config “EnableCertPaddingCheck”=”1”
OR
Open new notepad, add the text below and save as the file in (.reg) format. Simple Right click and merge the registry key.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
“EnableCertPaddingCheck”=”1”
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
“EnableCertPaddingCheck”=”1”
OR
Simply Execute the below PowerShell commands (Make sure to copy the code to Notepad and check all 4 lines are saperated)
New-Item ‘HKLM:\Software\Microsoft\Cryptography\Wintrust\Config’ -Force
New-ItemProperty -Path ‘HKLM:\Software\Microsoft\Cryptography\Wintrust\Config’ –PropertyType ‘String’ -Name ‘EnableCertPaddingCheck’ -Value ‘1’
New-Item ‘HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config’ -Force
New-ItemProperty -Path ‘HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config’ –PropertyType ‘String’ -Name ‘EnableCertPaddingCheck’ -Value ‘1’
Conclusion
The WinVerifyTrust Signature Validation vulnerability is a serious security vulnerability that can be exploited by attackers to gain control of your system. By following the mitigation steps outlined above, you can help to protect yourself from this vulnerability.
In addition to the above mitigation steps, you can also take the following steps to improve your overall security posture:
- Use strong passwords and don’t reuse them across multiple accounts.
- Enable two-factor authentication whenever possible.
- Keep your software up to date.
- Be aware of the latest threats and educate yourself about how to protect yourself.
- By following these steps, you can help to keep your systems safe from attack.
Samdani Pasha
Author works as an IT Engineer in a MNC based in India. He holds 7+ years of experience in IT Cloud & Operations and would love to share his experiences. Basically, transforms his daily experience to blogs.