Clarify that Security Advisory 2915720 is opt-in #1018
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
WinVerifyTrust and WinVerifyTrustEx functions (wintrust.h) have a note regarding WinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900). This note leads to Security Advisory 2915720 which prompts administrators to configure `EnableCertPaddingCheck` registry key for additional validation. The WinVerifyTrust{,Ex} function documentation states that registry key value will be set to "1" by default "on June 10, 2014" however this is not correct. The Advisory linked was amended, as to initially push back the defaults change, and then amended (V1.4) on July 29, 2014 as to clarify there are no active plans to set "1" as default. These documents are being updated, as to avoid conflicting information and potential resulting confusion among system administrators, who are reading Microsoft documentation to understand the change.
sigv
force-pushed
the
advisory-2915720-optin
branch
from
c7ee62e to
d4b8ffd
Compare
|
@sigv : Thanks for your contribution! The author(s) have been notified to review your proposed change. |
|
Force-pushed with updated author details, to comply with CLA requirements. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WinVerifyTrust and WinVerifyTrustEx functions (wintrust.h) have a note regarding WinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900). This note leads to Security Advisory 2915720 which prompts administrators to configure
EnableCertPaddingCheckregistry key for additional validation.The WinVerifyTrust{,Ex} function documentation states that registry key value will be set to "1" by default "on June 10, 2014" however this is not correct. The Advisory linked was amended, as to initially push back the defaults change, and then amended (V1.4) on July 29, 2014 as to clarify there are no active plans to set "1" as default.
These documents are being updated, as to avoid conflicting information and potential resulting confusion among system administrators, who are reading Microsoft documentation to understand the change.