KB2915720: Changes in Windows Authenticode Signature Verification

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has not enabled a recommended Windows
Authenticode configuration change.

Description :

The remote Windows host has not enabled the Windows Authenticode
signature verification certificate padding check. This means
extraneous information can be included in signed binaries.

Note that Microsoft announced on July 29, 2014, that it no longer
plans to enforce the stricter signature verification behavior by
default, which would have caused previously-signed binaries to be
considered unsigned if they contained extraneous information in the
WIN_CERTIFICATE structure of the signed executable. It does, though,
remain an opt-in feature.

Note also that this plugin will report if the Windows Authenticode
signature verification has been enabled provided that the 'Report
paranoia' Global variable setting preference is set to 'Paranoid (more
false alarms)'.

See also :

https://technet.microsoft.com/en-us/security/advisory/2915720

Solution :

Apply the suggested actions referenced in Microsoft Security Advisory
(2915720). These actions may cause previously signed binaries to be
considered unsigned. Refer to the advisory for more information.

Risk factor :

None

Family: Windows

Nessus Plugin ID: 71322 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now