EnableCertPaddingCheck

Richard Realejo 1

Hello,
The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines.
I've read that the solution is to add the following to the registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

My question is, will this create a REG_SZ string value or a DWORD value, and which one should it be?

TIA

Robert Ben Jordan 0 Reputation points

2024-06-18T19:38:00.47+00:00
When you add the entries to the registry as mentioned:

They should be created as REG_SZ (string) values, not as DWORD values.

You'll need to create a new string value named "EnableCertPaddingCheck" under the specified registry paths.

Set the value of "EnableCertPaddingCheck" to "1" (without quotes).

After making these changes, restart your computer for the changes to take effect.

This approach should help mitigate the WinVerifyTrust Signature Validation CVE-2013-3900 issue on your Windows 10 machines. If you have any more questions or need further assistance, feel free to ask at mynsfaslogins.

6 answers

Marc Thornton - IT Server & Cloud Engineer 0 Reputation points

2023-10-10T11:19:36.1266667+00:00

If a DWORD is required instead of instead of REG_SZ just run following as a *.bat file

@echo off

reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config" /v "EnableCertPaddingCheck" /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config" /v "EnableCertPaddingCheck" /t REG_DWORD /d 1 /f
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

EnableCertPaddingCheck

6 answers