It's A DWORD After All

If you're using the EnableCertPaddingCheck setting to resolve the issues from CVE-2013-3900, the initial instructions described the registry value as a REG_SZ value; that is, a text string. This was always strange given the relevant values are 0 or 1 to disable or enable the new behaviour. As of 2024, Microsoft have verified that the value is a REG_DWORD, so any existing implementations of this setting will need to be rewritten. The good news is that a new REG command will simply overwrite the existing value and change the type:

reg add HKLM\Software\Microsoft\Cryptography\Wintrust\Config /v EnableCertPaddingCheck /d 1 /t REG_DWORD /f

reg add HKLM\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config /v EnableCertPaddingCheck /d 1 /t REG_DWORD /f
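To find machines that still carry the older REG_SZ form, the PowerShell audit below reads both keys and reports the stored type and data of EnableCertPaddingCheck. It is an added example, not part of the original post; the function name Get-CertPaddingCheckState and the status labels are hypothetical.

```powershell
# Added example: audit EnableCertPaddingCheck in both registry locations.
# Function name and status labels are illustrative, not from the original post.
$valueName = 'EnableCertPaddingCheck'
$keyPaths  = @(
    'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config',
    'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)

function Get-CertPaddingCheckState {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )

    $state = [pscustomobject]@{
        Path = $Path; Kind = $null; Value = $null; Status = 'Missing'
    }

    # Key absent (for example, no Wow6432Node on a 32-bit OS) or value never set.
    if (-not (Test-Path -LiteralPath $Path)) { return $state }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) { return $state }

    $state.Kind  = $key.GetValueKind($Name)   # RegistryValueKind: String, DWord, ...
    $state.Value = $key.GetValue($Name)

    if ($state.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # The older REG_SZ deployments land here, even when the data is "1".
        $state.Status = 'WrongType'
    }
    elseif ($state.Value -eq 1) {
        $state.Status = 'OK'
    }
    else {
        $state.Status = 'Disabled'
    }
    return $state
}

$keyPaths |
    ForEach-Object { Get-CertPaddingCheckState -Path $_ -Name $valueName } |
    Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so the first path is not redirected to Wow6432Node. Any row reporting WrongType or Missing is a candidate for the reg add commands above.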