Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Changes in Windows Authenticode Signature Verification

  • Please log in to reply
1 reply to this topic

#1 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,895 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:15 PM

Posted 29 July 2014 - 06:53 PM

Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will only be enabled on an opt-in basis. When enabled, the new behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure, and Windows will no longer recognize non-compliant binaries as signed. Note that Microsoft may make this a default behavior in a future release of Microsoft Windows.

Microsoft Security Advisory 2915720
Microsoft Security Bulletin MS13-098 - Critical

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)


#2 palerider2


  • Members
  • 133 posts
  • Gender:Male
  • Local time:04:15 AM

Posted 29 July 2014 - 09:40 PM

Interesting. Sounds like it's not possible to implement this additional security on every PC. I read the article but didn't quite get to understand why that is.

This development goes back to last year, at which time I wasn't aware of it. So it's good that it's come back up.

I'm guessing here that this security feature can be used by (for example) the producers of A/V and firewall software packages, so that their products update themselves securely. That would potentially overcome the threat posed by man-in-the-middle attacks.

But if the said producers don't adopt the security measure, then their users remain at risk. Quite recently my A/V product starting checking for updates without asking permission. I guess it reached a hidden time limit and just decided it was going to try. (Interesting in itself). Not long after that I got weird behaviour on the PC again. Had to flatten the PC. But if that supplier had been doing secure updates, that problem wouldn't have occurred.

Anyway, back to the secure update feature, would I be right to conclude that MS discovered a vulnerability in Authenticode - the old version ?

Edit to make the paragraphs visible

Edited by palerider2, 29 July 2014 - 09:41 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users