Worklet: WinVerifyTrust Signature Validation Vulnerability mitigation (CVE-2013-3900)

  • 25 August 2022

This is an older CVE that Microsoft reissued on January 21 2022. There is no patch for this vulnerability: it affects all current and previous versions of the Windows OS, the mitigation is "opt-in" (a registry value that enables stricter signature verification), and Microsoft has no plans to enforce the stricter verification by default. It is listed in the CISA Known Exploited Vulnerabilities catalog.

Updated reissue:
CVE-2013-3900 - Security Update Guide - Microsoft - WinVerifyTrust Signature Validation Vulnerability

Other:
https://nvd.nist.gov/vuln/detail/CVE-2013-3900
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-098

Evaluation code:

#Clears all errors prior to running script
$Error.Clear()

#Registry key paths. The path without Wow6432Node is the native (64-bit) view; Wow6432Node is the 32-bit view on 64-bit Windows
$NativePath = "HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config"
$Wow64Path  = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"

#Registry entry name
$RegentryName = "EnableCertPaddingCheck"

#All values tested
$Value1 = Test-Path -Path $NativePath
$Value2 = Test-Path -Path $Wow64Path

#If the key or the entry does not exist, Get-ItemPropertyValue records a non-terminating error in $Error and returns $null
$Value3 = Get-ItemPropertyValue -Path $NativePath -Name $RegentryName -ErrorAction SilentlyContinue
$Value4 = Get-ItemPropertyValue -Path $Wow64Path -Name $RegentryName -ErrorAction SilentlyContinue

#Test that both Config keys exist
if (-not ($Value1 -and $Value2))
{
    Exit 1
}
#Test that both entries equal 1. Microsoft documents the value as REG_SZ "1"; a REG_DWORD 1 also stringifies to "1" and passes
elseif (("1" -ne "$Value3") -or ("1" -ne "$Value4"))
{
    Exit 1
}
#Test that there were no errors. A missing key or entry in the reads above leaves an error in $Error even with SilentlyContinue
elseif ($Error.Count -ne 0)
{
    Exit 1
}
#Exit 0 = compliant, Exit 1 = non-compliant
else
{
    Exit 0
}


Remediation code:

#Final registry key paths. The path without Wow6432Node is the native (64-bit) view; Wow6432Node is the 32-bit view on 64-bit Windows
$NativePath = "HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config"
$Wow64Path  = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"

#Registry entry name
$RegentryName = "EnableCertPaddingCheck"

#Wow6432Node only exists on 64-bit Windows; on a 32-bit OS only the native path is needed
$Paths = @($NativePath)
if ([Environment]::Is64BitOperatingSystem)
{
    $Paths += $Wow64Path
}

foreach ($Path in $Paths)
{
    #Creates the full key path (Cryptography\Wintrust\Config) including missing parents. -Force makes this idempotent: no error if the key already exists
    New-Item -Path $Path -Force | Out-Null

    #Creates the entry as REG_SZ "1", the type and value Microsoft documents for this mitigation. -Force overwrites an existing entry
    New-ItemProperty -Path $Path -Name $RegentryName -Value "1" -PropertyType String -Force | Out-Null
}
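The following is an added example, not part of the original worklet: a state report that shows the raw value and type in each registry view (useful when a DWORD was set by hand instead of the documented REG_SZ), a post-change spot check of Authenticode signatures (the stricter verification can cause signed files whose certificate table carries non-conforming padding to report as unsigned, so re-verify installers you depend on), and a rollback function, since the mitigation is opt-in. The default file paths in Test-SignedBinaries are placeholders to replace with the binaries you actually distribute.

```powershell
# Added example, not from the original worklet. Paths and defaults are assumptions.
$CertPaddingPaths = @(
    "HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config",              # native (64-bit) view
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"   # 32-bit view on 64-bit Windows
)
$RegentryName = "EnableCertPaddingCheck"

function Get-CertPaddingCheckState {
    # One object per registry view: raw value, registry type, and whether it satisfies the mitigation
    foreach ($path in $CertPaddingPaths) {
        $value = $null
        $kind  = $null
        if (Test-Path -Path $path) {
            $key = Get-Item -Path $path
            if ($key.GetValueNames() -contains $RegentryName) {
                $value = $key.GetValue($RegentryName)
                $kind  = $key.GetValueKind($RegentryName)   # Microsoft documents String (REG_SZ)
            }
        }
        [pscustomobject]@{
            Path      = $path
            Value     = $value
            Kind      = $kind
            Compliant = ("$value" -eq "1")   # REG_SZ "1" or REG_DWORD 1 both stringify to "1"
        }
    }
}

function Test-SignedBinaries {
    # Re-verify signatures after enabling the check. Default paths are placeholders (assumption);
    # pass the installers and tools you rely on instead.
    param(
        [string[]] $Path = @(
            "$env:SystemRoot\System32\notepad.exe",
            "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
        )
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -Path $file)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $file
        [pscustomobject]@{
            Path   = $file
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

function Disable-CertPaddingCheck {
    # Rollback: the mitigation is opt-in, so removing the entry restores default WinVerifyTrust behaviour
    foreach ($path in $CertPaddingPaths) {
        if (Test-Path -Path $path) {
            Remove-ItemProperty -Path $path -Name $RegentryName -ErrorAction SilentlyContinue
        }
    }
}

# Usage: report state, then list anything that no longer verifies as Valid
Get-CertPaddingCheckState | Format-Table -AutoSize
Test-SignedBinaries | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Run the signature check on a pilot group before rolling the registry change out broadly; if a file you need shows a status other than Valid only after the change, Disable-CertPaddingCheck reverts that host while you obtain a conforming build from the vendor.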
