Cadzow Knowledgebase


Welcome
Contact Us
Professional
Services

Consulting
Knowledgebase/
Site Search

Remote Support

Print Friendly

It's A DWORD After All

If you're using the EnableCertPaddingCheck setting to resolve the issues from CVE-2013-3900, the initial instructions described the registry value as a REG_SZ value; that is, a text string. This was always strange given the relevant values are 0 or 1 to disable or enable the new behaviour.

As of 2024, Microsoft have verified that the value is a REG_DWORD, so any existing implementations of this setting will need to be rewritten. The good news is that a new REG command will simply overwrite the existing value and change the type:

reg add HKLM\Software\Microsoft\Cryptography\Wintrust\Config /v EnableCertPaddingCheck /d 1 /t REG_DWORD /f
reg add HKLM\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config /v EnableCertPaddingCheck /d 1 /t REG_DWORD /f

Copyright © 1996-2023 Cadzow TECH Pty. Ltd. All rights reserved.
Information and prices contained in this website may change without notice. Terms of use.


Question/comment about this page? Please email webguru@cadzow.com.au