CVE 2013 3900 Republished Vulnerability

paulFSM 2022-03-03 15:49:56 UTC #1

Has anyone built out a Fixlet/task to protect endpoints against CVE 2013 3900. It looks like it has been republished. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900.

Thanks,
Paul

ADL 2022-03-04 10:32:21 UTC #2

Hi Paul,
the patch team is working on a Vulnerability Fixlet to update the setting as mentioned in CVE-2013-3900, which otherwise will have to be done manually.
It’s going to be an optional Fixlet, Admins can chose to run it based on their criteria.

We are planning to release the content by Monday EOD.

Thanks
Alessandro

paulFSM 2022-03-04 22:09:02 UTC #3

createfile until @end
Windows Registry Editor Version 5.00

if {x64 of operating system}
RegSet64[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] “EnableCertPaddingCheck”=“1”

elseif {x64 of operating system} regset64[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] “EnableCertPaddingCheck”=“1”

else {not x64 of operating system} [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] “EnableCertPaddingCheck”=“1”

endif

@end

move __createfile cve20133900republished.reg
waithidden regedit /s “cve20133900republished.reg”

action requires restart

paulFSM 2022-03-08 19:54:28 UTC #4

@ADL, Thank you and your team for this.

Content in the Patches for Windows site has been modified

New:

Major (ID:201339001) Enable hardening changes for WinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900)
Major (ID:201339002) Disable hardening changes for WinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900)

Reason for Update:

New fixlets for the vulnerability CVE-2013-3900