KB2915720: Changes in Windows Authenticode Signature Verification

Nessus Plugin ID 71322

Synopsis

The remote Windows host has not enabled a recommended Windows Authenticode configuration change.

Description

The remote Windows host has not enabled the Windows Authenticode signature verification certificate padding check. Without this check, extraneous information can be included in the signature block of a signed binary while the binary is still considered validly signed.

Note that Microsoft announced on July 29, 2014, that it no longer plans to enforce the stricter signature verification behavior by default. Enforcing it would cause previously signed binaries to be considered unsigned if they contain extraneous information in the WIN_CERTIFICATE structure of the signed executable. The stricter behavior does, though, remain available as an opt-in feature.

Note also that this plugin only reports on the state of the Windows Authenticode signature verification setting when the 'Report paranoia' global setting preference is set to 'Paranoid (more false alarms)'.

Solution

Apply the suggested actions referenced in Microsoft Security Advisory (2915720). Be aware that these actions may cause previously signed binaries to be considered unsigned. Refer to the advisory for more information.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2014/2915720

Plugin Details

Severity: Info

ID: 71322

File Name: smb_kb2915720.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 12/11/2013

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated, SMB/WindowsVersion

Patch Publication Date: 12/10/2013