Hey everyone! I recently ran a vulnerability scan and found that a couple of my PCs are still showing the CVE-2013-3900 vulnerability. I followed the instructions from a post that suggested editing the registry entry for EnableCertPaddingCheck to 1. I made changes in both \HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Wintrust\Config and \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Wintrust\Config. However, the vulnerability status is still active. I'm using CarbonBlack for the scans. Any advice or additional steps I should take? Thanks!
2 Answers
Make sure you've set `EnableCertPaddingCheck=1` in both the 64-bit and 32-bit registry paths. Here's what you need to check:
For 64-bit systems:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
For 32-bit systems (just ignore the Wow6432Node path):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
Double-check to confirm that your scanner is detecting the right path too.
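As an added example (not part of either answer above, and not CarbonBlack's or Microsoft's code): a PowerShell fragment that writes the value to the native Wintrust\Config key and, on 64-bit Windows, to the WOW6432Node key that 32-bit processes read, then reads both back and checks the registry value type as well as the data. It takes the .reg syntax quoted in the answer, `"EnableCertPaddingCheck"="1"`, at face value: that syntax creates a REG_SZ string, so the check treats anything other than REG_SZ "1" as non-compliant. The function names and the "rescan" messages are mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread above. Applies EnableCertPaddingCheck to the
# native Wintrust\Config key and, on 64-bit Windows, to the WOW6432Node copy that
# 32-bit processes (a 32-bit scanner agent included) see, then verifies both.
# Run it from a 64-bit PowerShell so the two HKLM:\SOFTWARE paths are not redirected.

$ValueName = 'EnableCertPaddingCheck'
$KeyPaths  = @('HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config')
if ([Environment]::Is64BitOperatingSystem) {
    $KeyPaths += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Wintrust\Config'
}

function Set-CertPaddingCheck {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -Path $p)) {
            New-Item -Path $p -Force | Out-Null
        }
        # The .reg fragment in the answer ("EnableCertPaddingCheck"="1") creates a
        # REG_SZ string, so write a String here, not a DWORD: a scanner that compares
        # type and data against that fragment will keep flagging a DWORD 1.
        New-ItemProperty -Path $p -Name $ValueName -Value '1' `
            -PropertyType String -Force | Out-Null
    }
}

function Test-CertPaddingCheck {
    param([string[]]$Paths)
    $compliant = $true
    foreach ($p in $Paths) {
        $key = Get-Item -Path $p -ErrorAction SilentlyContinue
        if (-not $key) {
            Write-Warning "$p : key does not exist"
            $compliant = $false
            continue
        }
        # GetValueKind throws when the name is absent, so check the name list first.
        if ($key.GetValueNames() -notcontains $ValueName) {
            Write-Warning "$p : $ValueName is not set"
            $compliant = $false
            continue
        }
        $kind = $key.GetValueKind($ValueName)
        $data = [string]$key.GetValue($ValueName)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String -or $data -ne '1') {
            Write-Warning "$p : found $kind '$data', expected REG_SZ '1'"
            $compliant = $false
            continue
        }
        # Write-Host keeps status text off the output stream, so the function
        # returns only the boolean.
        Write-Host "$p : OK (REG_SZ '1')"
    }
    return $compliant
}

Set-CertPaddingCheck -Paths $KeyPaths
if (Test-CertPaddingCheck -Paths $KeyPaths) {
    Write-Host 'Both Wintrust\Config keys carry EnableCertPaddingCheck as REG_SZ 1; reboot and rescan.'
} else {
    Write-Host 'At least one key is missing or wrong; fix it before rescanning.'
}
```

If the check passes on both paths and the scanner still reports the CVE after a reboot, the disagreement is about what the scanner is reading (which hive view, which value type), not about whether the registry value is present, so that is where to look next.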
Did you remember to restart the PCs after you made those registry changes? Sometimes those updates need a reboot to take effect.
Haha, no worries! Yes, I did reboot the PCs after making the changes.