Can anyone articulate the potential impact of enabling the EnableCertPaddingCheck registry change for CVE-2013-3900?
Do users get a warning, or does functionality just stop?
Are there safe ways to simulate a file that triggers the padding check?
I’d like to apply this but want to better understand the operational risks and testing methods. Any insights or experiences would be greatly appreciated!
That seems to be the consensus, but no one has ever mentioned how they proposed this change in change management; most threads are focused on implementation and end when they figure it out. My best guess is that if this change is enabled and a real certificate padding issue was identified, because the file would be untrusted, users would see warnings like they normally would for untrusted files, such as SmartScreen warnings and/or Attack Surface Reduction rule blocks from Windows Defender matching the "block executable files that are untrusted" rule. Did you bring this up in change management or did you just roll it out?
lol, no issues even a standalone on any older PCs, or servers, particularly domain controllers? You must have communicated the change in some form, no? How did you answer any questions regarding potential impact, user experience, etc.?
We don’t have formal change management, but we’re on the smaller side. I did my due diligence in researching what it could do and made the change. No regrets.