Related vulnerability
Title: Microsoft Windows input validation error vulnerability (CVE-2013-3900)
Description: Microsoft Windows is an operating system for personal devices from the US company Microsoft. An input validation error vulnerability exists in the way the Microsoft Windows WinVerifyTrust function handles Windows Authenticode signature verification for Portable Executable (PE) files. An anonymous attacker could exploit this vulnerability by modifying an existing signed executable so as to make use of the unverified portion of the file, adding malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of the affected system. The attacker could then install programs; view, change, or delete data; or create accounts with full
Introduction
# CVE-2013-3900 is a remote code execution vulnerability in the way Microsoft's WinVerifyTrust function handles Windows Authenticode signature verification. This flaw allows an attacker to modify a signed executable file by adding malicious code to an unverified portion of the file without invalidating its signature.
# The mitigation for this vulnerability is an opt-in feature that requires a specific registry setting. Once enabled, Windows will perform a stricter verification of Authenticode signatures, ensuring that no extraneous data is present in the signed file.
# -WinVerifyTrust-Signature-Validation-CVE-2013-3900-Mitigation
#Requires -RunAsAdministrator
# Define the registry key paths. On 64-bit Windows both keys must be set: the
# native key is read by 64-bit processes and the Wow6432Node key by 32-bit
# (WOW64) processes. 32-bit Windows only has the native key.
$regPathNative = "HKLM:\Software\Microsoft\Cryptography\Wintrust\Config"
$regPathWow64  = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
$valueName = "EnableCertPaddingCheck"
$valueData = 1
# Native key: create it if missing, then set the value as a REG_DWORD
if (-not (Test-Path $regPathNative)) {
    New-Item -Path $regPathNative -Force | Out-Null
    Write-Host "Created registry path: $regPathNative"
}
Set-ItemProperty -Path $regPathNative -Name $valueName -Value $valueData -Type DWord -Force
Write-Host "Set $valueName to $valueData in $regPathNative"
# WOW64 key: only exists (and only matters) on 64-bit Windows
if ([Environment]::Is64BitOperatingSystem) {
    if (-not (Test-Path $regPathWow64)) {
        New-Item -Path $regPathWow64 -Force | Out-Null
        Write-Host "Created registry path: $regPathWow64"
    }
    Set-ItemProperty -Path $regPathWow64 -Name $valueName -Value $valueData -Type DWord -Force
    Write-Host "Set $valueName to $valueData in $regPathWow64"
}
Write-Host "`nMitigation script complete."
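The "unverified portion of the file" that the introduction refers to is the slack inside the PE certificate table. The Python below is an added example, not part of the original page or of the mitigation script: it parses a PE header, finds the first WIN_CERTIFICATE entry and returns the bytes that follow its DER-encoded PKCS#7 SignedData. build_stub_pe is a constructed minimal PE32 used only as sample input (its "signature" is a fake SEQUENCE, not a real Authenticode blob), and the padding rule in has_extraneous_cert_data is this example's heuristic (zero padding to an 8-byte boundary is legitimate), not a claim about Windows' exact check.

```python
# Added example (not from the original page): locate a PE file's Authenticode
# certificate table and return the bytes that sit inside the WIN_CERTIFICATE
# entry after its DER-encoded PKCS#7 SignedData (the slack CVE-2013-3900 abuses).
import struct
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY

def der_total_length(blob):
    """Encoded length (tag + length octets + content) of the outer DER SEQUENCE."""
    if not blob or blob[0] != 0x30:
        raise ValueError("certificate payload is not a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                       # short-form length octet
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def cert_table_slack(pe):
    """Bytes after the PKCS#7 blob in the first WIN_CERTIFICATE entry."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                    # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # data directories: PE32 vs PE32+
    off, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if size == 0:
        raise ValueError("file carries no Authenticode signature")
    # Security entry holds a raw file offset; WIN_CERTIFICATE = dwLength, wRevision, wCertificateType, bCertificate
    dw_length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
    if ctype != 0x0002:                    # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        raise ValueError("unexpected WIN_CERTIFICATE type")
    payload = pe[off + 8:off + dw_length]
    return payload[der_total_length(payload):]

def has_extraneous_cert_data(pe):
    """Heuristic: the spec only allows zero padding up to an 8-byte boundary."""
    slack = cert_table_slack(pe)
    return len(slack) >= 8 or any(slack)

def build_stub_pe(extra=b""):
    """Constructed minimal PE32 for testing; the 'signature' is a fake SEQUENCE."""
    body = b"\x30\x03\x02\x01\x05" + extra   # SEQUENCE { INTEGER 5 } + slack bytes
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    hdr = bytearray(512)                   # headers; certificate table at offset 512
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)                      # e_lfanew
    hdr[64:68] = b"PE\0\0"
    struct.pack_into("<H", hdr, 64 + 24, 0x10B)                # PE32 magic
    struct.pack_into("<II", hdr, 64 + 24 + 96 + 8 * SECURITY_DIR, 512, len(cert))
    return bytes(hdr) + cert
```

Running cert_table_slack over a real signed binary read with open(path, "rb").read() shows how much data sits after the signature blob; anything beyond short zero alignment padding is the kind of extraneous data the registry mitigation above targets.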
File snapshot
[4.0K] /data/pocs/e2c3c9797efc388c824ac2975d2d3a8fd6dc1962
└── [1.7K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the POC via its original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying/donating for the local POC. Thank you for your support.