Surprised this years-old Microsoft Security Bulletin MS13-098 has never been posted on this forum.
https://www.wired.com/story/zloader-microsoft-signature-verification-hack/
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago
- This topic has 2 replies, 3 voices, and was last updated 3 years, 4 months ago by
.
Viewing 1 reply threadAuthor-
An article over on Check Point Research provides a strict Authenticode verification registry key.
Safety Tips
We recommend that users apply Microsoft’s update for strict Authenticode verification. To do so, paste these lines into Notepad and save the file with .reg extension before running it.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] “EnableCertPaddingCheck”=”1” [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] “EnableCertPaddingCheck”=”1”
We should also note that after applying the fix, some signatures of legitimate benign installers will show up with an invalid signature. In addition, if mshta.exe is not relevant in your environment, you may disable it and mitigate the execution of scripts that are inserted into such files….
Most of the victims downloaded malicious DLL files are found in the USA according to their findings, see graph on linked page above.
TIP: you may wish to add 134.0.117.16 to your firewall in/outbound block list
Windows - commercial by definition and now function...1 user thanked author for this post.
-
Viewing 1 reply thread - This topic has 2 replies, 3 voices, and was last updated 3 years, 4 months ago by
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Office gets current release
by 19 minutes ago
-
FBI: Still Using One of These Old Routers? It’s Vulnerable to Hackers
by 12 hours, 35 minutes ago
-
Windows AI Local Only no NPU required!
by 35 minutes ago
-
Stop the OneDrive defaults
by 13 hours, 23 minutes ago
-
Windows 11 Insider Preview build 27868 released to Canary
by 23 hours, 19 minutes ago
-
X Suspends Encrypted DMs
by 1 day, 1 hour ago
-
WSJ : My Robot and Me AI generated movie
by 1 day, 1 hour ago
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
by 1 day, 2 hours ago
-
OpenAI model sabotages shutdown code
by 1 day, 3 hours ago
-
Backup and access old e-mails after company e-mail address is terminated
by 15 hours, 13 minutes ago
-
Enabling Secureboot
by 22 hours, 13 minutes ago
-
Windows hosting exposes additional bugs
by 1 day, 10 hours ago
-
No more rounded corners??
by 1 day, 6 hours ago
-
Android 15 and IPV6
by 20 hours, 31 minutes ago
-
KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys
by 1 day, 23 hours ago
-
T-Mobile’s T-Life App has a “Screen Recording Tool” Turned on
by 2 days, 2 hours ago
-
Windows 11 Insider Preview Build 26100.4202 (24H2) released to Release Preview
by 1 day, 20 hours ago
-
Windows Update orchestration platform to update all software
by 2 days, 9 hours ago
-
May preview updates
by 1 day, 20 hours ago
-
Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band
by 1 day, 12 hours ago
-
Just got this pop-up page while browsing
by 2 days, 1 hour ago
-
KB5058379 / KB 5061768 Failures
by 1 day, 22 hours ago
-
Windows 10 23H2 Good to Update to ?
by 1 day ago
-
At last – installation of 24H2
by 3 days ago
-
MS-DEFCON 4: As good as it gets
by 2 hours, 5 minutes ago
-
RyTuneX optimize Windows 10/11 tool
by 3 days, 13 hours ago
-
Can I just update from Win11 22H2 to 23H2?
by 1 day, 11 hours ago
-
Limited account permission error related to Windows Update
by 4 days, 2 hours ago
-
Another test post
by 4 days, 2 hours ago
-
Connect to someone else computer
by 3 hours, 55 minutes ago
Remembering Woody
