@KrisP120 - but why waste time and effort with pushing out that script
when the simple Enabled/Disabled setting in the "MS Security Guide" ADMX
does it correctly (and more sensibly)?
@mdeklavon : Please try to deploy the below script forcing type REG_SZ
instead of DWORD on both the nodes to mitigate CVE-2013-3900.# Specify
the registry path and values$registryPath =
"HKLM:\Software\Microsoft\Cryptography\Wintrust\Config"$registryValues =
@{"EnableCertPaddingCheck" = "1"} # Set t...
@AaronMargosis_Tanium, thank you so much for the extra information and
explaining how Windows processes the data! Seeing Microsoft insist in
multiple documents that it is REG_SZ had me thinking something in the
backend required it. This is what I get for not testing. Thank you for
helping me us the ...
@mdeklavon : EnableCertPaddingCheck should be a REG_DWORD. MSRC's
documentation should be corrected; I submitted the information below to
MSRC, but so far they've decided to take no action. Insisting that the
value is a REG_SZ is the suboptimal path. I did a bunch of testing and I
found that Windows...
Any update on when EnableCertPaddingCheck will be updated to be REG_SZ
instead of DWORD? <policy name="Pol_SecGuide_Certificate_Padding"
class="Machine" displayName="$(string.Pol_SecGuide_CertPadding)"
explainText="$(string.Pol_SecGuide_CertPadding_Help)"
key="Software\Microsoft\Cryptography\Wintrus...
Latest Comments