Welcome to deBUG.to Community where you can ask questions and receive answers from Microsoft MVPs and other experts in our community.
2 like 0 dislike
in Windows Server by 66 69 85

I got this WinVerifyTrust Signature Validation Vulnerability from a vulnerability scanner in SharePoint servers and other servers and its height Severity, which means it must solve.

Below are details of this vulnerability:

Plugin Name: 

  • WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)

Plugin Output: 

  • Nessus detected the following potentially insecure registry key configuration:

From the Plugin Output, it sounds like we need to add this key to the registry, but I can't find the path of this key in the registry.

1 Answer

2 like 0 dislike
by 66 69 85
selected by
Best answer

WinVerifyTrust Signature Validation

To close this vulnerability simply add a key to the registry EnableCertPaddingCheck and set it to 1 for the path you get from the Plugin Output.
The below Steps is the Solution for WinVerifyTrust Signature Validation Vulnerability:

1) Paste the below text to notepad or any text editor then save the file to .reg extension such as "WinVerifyTrust.reg"
For 32-bit:

Windows Registry Editor Version 5.00  

For 64-bit:

Windows Registry Editor Version 5.00  


2) Run the file you created by double-clicking.

3) Check the two paths in the registry as shown in the image.


You must reboot the server for your changes to take effect


If you don’t ask, the answer is always NO!