Endpoint Protection


SEP Vs Change in how signatures are verified for binaries signed with the Windows Authenticode signature format

  • 1.  SEP Vs Change in how signatures are verified for binaries signed with the Windows Authenticode signature format

    Posted Jul 30, 2014 03:02 AM

    Hi All,

    Hope Symantec is aware of the Microsoft update below.

    Change in how signatures are verified for binaries signed with the Windows Authenticode signature format Effective from:  August 12, 2014.

    After 12th Aug the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after August 12, 2014, Windows will no longer recognize non-compliant binaries as signed.

    The Security bulletin for this patch is : https://support.microsoft.com/kb/2893294

    Concerned Microsoft Security Advisory : https://technet.microsoft.com/library/security/2915720

     

    Please advise if any action is required for SEP for the above change.

     

     

    Regards,

    Sankara Subramanian



  • 2.  RE: SEP Vs Change in how signatures are verified for binaries signed with the Windows Authenticode signature format

    Posted Jul 30, 2014 12:16 PM

    Haven't seen anything yet, best to contact support at this time.



  • 3.  RE: SEP Vs Change in how signatures are verified for binaries signed with the Windows Authenticode signature format

    Posted Aug 21, 2014 08:21 AM

    Hi All,

    Got an update from Microsoft that we can ignore this until further notification from Microsoft.

     

    Thanks,



  • 4.  RE: SEP Vs Change in how signatures are verified for binaries signed with the Windows Authenticode signature format

    Posted Aug 21, 2014 08:30 AM

    Thanks for updating the thread.



  • 5.  RE: SEP Vs Change in how signatures are verified for binaries signed with the Windows Authenticode signature format
    Best Answer

    Posted Aug 21, 2014 08:31 AM

    Hi sankara,

     

    That was supposed to be triggered on Aug 12th, as the functionality is already installed with MS13-098.

    Again, it won't get enabled unless you make the registry change.

     

    The information is available on http://technet.microsoft.com/en-us/library/2915720.aspx .

     

    How will Microsoft implement the stricter Windows Authenticode signature verification behavior? 
    On December 10, 2013, Microsoft released Security Bulletin MS13-098 to deploy the underlying code for stricter Authenticode Signature verification behavior. Previously, this advisory announced that by August 12, 2014 Microsoft would enable the changes implemented with MS13-098 as default functionality. However, as we worked with customers to adapt to this change, we determined that the impact to existing software could be high. Therefore, Microsoft no longer plans to enforce the stricter verification behavior as a default requirement. The underlying functionality for stricter verification remains in place, however, and can be enabled at customer discretion.

    How can I enable the new signature verification behavior? 
    Customers who would like to enable the new Authenticode signature verification behavior can do so by setting a key in the system registry. When the key is set, Windows Authenticode signature verification will no longer recognize binaries with Authenticode signatures that contain extraneous information in the WIN_CERTIFICATE structure. Customers can choose to disable the functionality at any time by disabling this registry key. See Suggested Actions below for instructions.

    I enabled this change, do I need to do anything now that it will not be enforced by default? 
    Customers who have already enabled the stricter verification behavior, and have not experienced problems, can choose to leave the verification behavior enabled. Customers who are experiencing application compatibility problems with the new behavior, or customers who simply want to disable the new behavior, can disable the functionality by removing the EnableCertPaddingCheck registry key. See Suggested Actions below for instructions.

    I did not enable this change, do I need to do anything now that it will not be enforced by default? 
    No. The stricter verification behavior that was installed with MS13-098 will reside on the system but will be dormant functionality until enabled.

     

    Yes, you are correct... even I got the information that they asked us to ignore it until further notice from MS.

     

     

    By,

    Dhanshan
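
An added example (not part of the thread or of Microsoft's advisory): a Python check that reports bytes left over in a PE file's WIN_CERTIFICATE entry after the DER-encoded PKCS#7 SignedData, which is the "extraneous information" the advisory refers to. The function names are hypothetical, and the rule "non-zero bytes or more than 7 trailing bytes" is an assumed heuristic for triaging binaries before enabling EnableCertPaddingCheck, not Windows' own verification logic.

```python
import struct

def der_total_len(buf):
    """Size in bytes (header + content) of the DER SEQUENCE at buf[0]."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("bCertificate does not start with a DER SEQUENCE")
    if buf[1] < 0x80:                       # short-form length
        return 2 + buf[1]
    n = buf[1] & 0x7F                       # long form: n length octets follow
    if not 1 <= n <= 4 or len(buf) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def cert_table_trailing(pe):
    """For each PKCS#7 WIN_CERTIFICATE entry, return the bytes after the blob."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                                        # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)         # PE32+ vs PE32
    if struct.unpack_from("<I", pe, dirs - 4)[0] < 5:    # NumberOfRvaAndSizes
        return []
    # Security directory (index 4): a *file offset* and size, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if off == 0:
        return []                                        # unsigned
    end = off + size
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    out = []
    while off + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE dwLength")
        body = pe[off + 8:off + length]                  # bCertificate
        if ctype == 0x0002:                              # PKCS_SIGNED_DATA
            used = der_total_len(body)
            if used > len(body):
                raise ValueError("PKCS#7 blob truncated")
            out.append(body[used:])
        off += (length + 7) & ~7                         # entries are 8-aligned
    return out

def has_extraneous_data(pe):
    """Heuristic: non-zero bytes, or more than 7 bytes, after the SignedData."""
    return any(len(t) > 7 or any(t) for t in cert_table_trailing(pe))
```

Read a file with `open(path, "rb").read()` and pass the bytes to `has_extraneous_data`; a `True` result marks a binary worth testing with the stricter verification enabled before rolling the registry change out.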