HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

[Suggestion]: WinVerifyTrust Signature Validation - is useless - please remove #201

Closed cakruege closed 7 months ago

cakruege commented 7 months ago

Are you sure the Security measure is not already implemented?

Please explain your new Security measure suggestion

Hi,

"WinVerifyTrust Signature Validation" is absolutely useless, that's the reason why MS doesn't bother to do anything about it. You can easily create two binaries that differ but share the same valid signature (and then do different things), but it's not possible to create a new binary for an existing signed binary that has the same valid signature.

Please remove the "hardening".

https://vcsjones.dev/authenticode-stuffing-tricks/
https://rioasmara.com/2023/04/09/sigflip-evasion-bypass-authenticode/
https://textslashplain.com/2016/05/13/cheating-authenticode-redux/

greetings Carsten

HotCakeX commented 7 months ago

Hi, that hardening measure is implemented because it's recommended by the MSRC: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900

It is also implemented in the Windows 11 23H2 security baselines.

That's why it exists here. If Microsoft says otherwise or they state that they no longer recommend it then it will be removed from here as well.
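The mitigation referred to above is the opt-in registry setting from the MSRC advisory for CVE-2013-3900: a REG_SZ value `EnableCertPaddingCheck` set to `"1"` under both the native and the Wow6432Node `Wintrust\Config` keys. The following PowerShell is an added example, not code from the Harden-Windows-Security project, showing how to apply the setting and audit that it is present with the exact type the advisory specifies (a DWORD with the same name does not count). It assumes an elevated 64-bit PowerShell session on a 64-bit Windows install; the function names `Test-CertPaddingCheck` and `Enable-CertPaddingCheck` are this example's own.

```powershell
# Added example (not the project's code): apply and audit the CVE-2013-3900
# WinVerifyTrust certificate-padding check as documented by MSRC.
#Requires -RunAsAdministrator

# Both keys are listed in the advisory; the Wow6432Node one covers 32-bit callers.
$script:CertPaddingKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)

function Test-CertPaddingCheck {
    # Returns $true only when every key carries EnableCertPaddingCheck
    # as a *string* "1". A DWORD 1 is a common misconfiguration and is
    # reported as not applied.
    foreach ($path in $script:CertPaddingKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { return $false }
        $value = $key.GetValue('EnableCertPaddingCheck', $null)
        if ($null -eq $value -or [string]$value -ne '1') { return $false }
        if ($key.GetValueKind('EnableCertPaddingCheck') -ne 'String') { return $false }
    }
    return $true
}

function Enable-CertPaddingCheck {
    foreach ($path in $script:CertPaddingKeys) {
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # The advisory specifies REG_SZ "1"; -Type String writes exactly that.
        Set-ItemProperty -Path $path -Name 'EnableCertPaddingCheck' `
            -Value '1' -Type String
    }
}

if (-not (Test-CertPaddingCheck)) {
    Enable-CertPaddingCheck
}

# Report the final state; processes that already called WinVerifyTrust pick up
# the stricter check on their next verification, no reboot is required.
[pscustomobject]@{
    CertPaddingCheckEnabled = Test-CertPaddingCheck
}
```

The audit deliberately checks the value kind, because a DWORD named `EnableCertPaddingCheck` looks correct in the registry editor but is not the value the advisory describes. The setting only changes how `WinVerifyTrust` treats unsigned bytes appended to the `WIN_CERTIFICATE` structure; it does not alter what a valid signature proves about the rest of the file, which is the limitation the issue author is pointing at.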

cakruege commented 7 months ago

Understood, thanks for the explanation. Please consider amending the documentation; enabling it creates a false sense of security.

HotCakeX commented 7 months ago

No problem. Amend what exactly?


There is nothing there that is not true, it's a simple explanation of the feature. There is no "false" sense of security, I didn't write "doing this will 100% keep you protected from all malware in the world".

If you believe the mitigation is not enough you can contact MSRC and let them know, if they change it there then I'll change them here.

https://www.microsoft.com/en-us/msrc/faqs-report-an-issue