CVE-2013-3900

Question

CVE-2013-3900

Deas-h opened this issue a year ago · comments

Deas-h commented a year ago

Hello, another one that was discovered on a recent internal sec-check:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2013-3900

Is this something you would add?

Brgds Deas

Florian Stosse · Answer 1 · Thu Apr 06 2023 17:46:31 GMT+0800 (China Standard Time)

Hi,

This particular policy is already included since release v1.0.17 (cf. #4 and ad2a697), but the strict authentication mechanism was fixed in v1.0.29, as I was wrongly using a DWORD type for the key, while I should have used a REG_SZ (cf. a247e75)

The policy is named "Enable the strict Authenticode signature verification mechanism" under "Additional system hardening settings".

Best regards !

Deas-h · Answer 2 · Thu Apr 06 2023 20:16:33 GMT+0800 (China Standard Time)

Oh - Sorry!!!!!