
@jmconway
Created March 31, 2023 20:07
Hardening Changes for WinVerifyTrust Signature Validation Vuln (CVE-2013-3900)
<# Hardening Changes for WinVerifyTrust Signature Validation Vuln (CVE-2013-3900)
## 10+ year old vulnerability with an "Opt In" mitigation, still exploited to this day
## https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900
## https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3900
## Inspired by: https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/
#>
<# Helper Function
## For the purposes of this script, assume DWORD values
#>
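function Set-RegistryItem {
    <#
    .SYNOPSIS
    Ensures a registry key exists and writes a DWORD value under it.

    .DESCRIPTION
    Creates the key at -Path when it is missing, then creates or overwrites
    the value -Name with -Value as a DWORD. The value is written whether or
    not the key already existed, so a pre-existing key (or a pre-existing
    value set to something else) does not leave the setting unapplied.
    Failures are reported on the host and not rethrown, so the caller
    continues with the next item.

    .PARAMETER Path
    Registry provider path of the key, e.g. an HKLM:\ path.

    .PARAMETER Name
    Name of the value to write.

    .PARAMETER Value
    Data to write; stored with -PropertyType DWORD.
    #>
    [CmdletBinding()]
    param (
        [string]$Path,
        [string]$Name,
        [string]$Value
    )

    Try {
        if (!(Test-Path -Path $Path)) {
            # -Force creates any missing parent keys. It is only used when the
            # key is absent, so an existing key and its values are left alone.
            New-Item -Path $Path -Force -ErrorAction Stop
        }

        # -Force overwrites an existing value instead of failing on it, so a
        # stale setting cannot silently survive. -ErrorAction Stop turns
        # provider errors into terminating ones so the Catch below sees them.
        New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWORD -Force -ErrorAction Stop
    }
    Catch {
        Write-Host "An unknown error occured creating/accessing $Path" -ForegroundColor Yellow
        # Surface the underlying reason (for example, access denied in a
        # non-elevated session) so a failed hardening step is not mistaken
        # for a successful one.
        Write-Host $_.Exception.Message -ForegroundColor Yellow
    }
}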
# Function to implement necessary registry changes
function Set-WinVerifyTrustMitigations {
    <#
    .SYNOPSIS
    Writes EnableCertPaddingCheck = 1 under the Wintrust\Config key in both
    the native and the Wow6432Node registry locations.

    .DESCRIPTION
    Applies the opt-in setting for CVE-2013-3900 named in this script's
    header by calling Set-RegistryItem once per location, native key first.
    #>

    # NOTE(review): Set-RegistryItem stores the value as a DWORD; confirm the
    # expected value type against the current MSRC guidance for this CVE.
    $valueName = "EnableCertPaddingCheck"
    $valueData = "1"

    # NOTE(review): both paths carry a doubled backslash after the drive
    # qualifier; confirm the registry provider resolves them as intended.
    $configKeys = @(
        "HKLM:\\Software\Microsoft\Cryptography\Wintrust\Config",
        "HKLM:\\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
    )

    foreach ($configKey in $configKeys) {
        Set-RegistryItem -Path $configKey -Name $valueName -Value $valueData
    }
}
# Invoke function: applies the registry changes as soon as the script is run.
# The targets are under HKLM:, which normally requires an elevated
# (administrator) session to write.
# To confirm the result afterwards, read the value back with
# Get-ItemProperty -Path <key> -Name EnableCertPaddingCheck for each key.
Set-WinVerifyTrustMitigations