Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
- Microsoft Windows: All Supported Versions
Question
Is there any compatibility issue with App Control when adding the registry keys for EnableCertPaddingCheck as outlined in
CVE-2013-3900?
Answer
The Agent relies upon the Microsoft API (WinVerifyTrust) to validate certificates, and there are no compatibility concerns in adding the registry information to resolve the CVE.
Additional Notes
- The Microsoft SignTool can be used to compare against Agent certificate analysis.
- There is no functionality built into App Control to modify the registry/patch against this CVE.
- Customers should follow Microsoft's guidance in addressing the CVE in their environment.
Related Content