Microsoft Relents, Authenticode Signature Verification Changes No Longer Mandatory

Due to potential customer issues, Microsoft has reversed its decision to make Authenticode changes mandatory.

Rod Trent

July 30, 2014


Microsoft had originally intended to make changes to the verification of Authenticode-signed binaries mandatory across all supported versions of Windows, with August 12, 2014 as the drop-dead date. The change, predicated on a security advisory (MS13-098), would alter the behavior of Windows Authenticode signature verification. To make verification more secure, the process would no longer allow extraneous information in the WIN_CERTIFICATE structure, and Windows would no longer recognize non-compliant binaries as signed.

But after working with customers, it became clear that there were too many obstacles and too much impact on existing software to roll out the mandated change. Microsoft still recommends making the change, but only when it is feasible for customers to do so, after ensuring that business applications will continue to function.

For customers who would still like to enable the stricter setting, a registry key can be modified to enable it, as outlined in the Suggested Actions section here.

Microsoft has also reserved the right to attempt to enforce the change in the future.
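To gauge which binaries the stricter check could affect, the following added example (not Microsoft's code and not part of the original article) parses a PE file's certificate table and reports non-zero bytes that follow the DER-encoded signature inside each WIN_CERTIFICATE entry. It approximates the rule described above rather than reproducing Windows' own verification logic; the function names and the `sample_pe` skeleton are constructed for illustration.

```python
import struct

def der_total_len(buf: bytes) -> int:
    """Length of the first DER element in buf: tag, length octets and content."""
    if len(buf) < 2:
        raise ValueError("truncated DER")
    if buf[1] < 0x80:                     # short-form length
        return 2 + buf[1]
    n = buf[1] & 0x7F                     # long form: n length octets follow
    if not 1 <= n <= 4 or len(buf) < 2 + n:
        raise ValueError("unsupported DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def cert_entries(pe: bytes):
    """Yield (wCertificateType, bCertificate) for each WIN_CERTIFICATE entry."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = nt + 24                                       # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]         # PE32 / PE32+
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # security dir: file offset, size
    end = off + size
    while off + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("bad dwLength")
        yield ctype, pe[off + 8:off + length]
        off += (length + 7) & ~7                        # entries are 8-byte aligned

def extraneous_data(pe: bytes) -> list:
    """Non-zero data found after the DER signature in each PKCS#7 entry."""
    findings = []
    for ctype, blob in cert_entries(pe):
        if ctype == 0x0002:                             # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            tail = blob[der_total_len(blob):]
            if tail.strip(b"\0"):
                findings.append(tail)
    return findings

def sample_pe(extra: bytes = b"") -> bytes:
    """Constructed minimal PE32 skeleton with one certificate entry (not a real signed binary)."""
    sig = b"\x30\x03\x02\x01\x05" + extra               # toy DER SEQUENCE standing in for PKCS#7
    cert = struct.pack("<IHH", 8 + len(sig), 0x0200, 0x0002) + sig
    cert += b"\0" * (-len(cert) % 8)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    opt = struct.pack("<H", 0x10B).ljust(96, b"\0") + b"\0" * 32 + struct.pack("<II", 0x200, len(cert))
    return (hdr + opt).ljust(0x200, b"\0") + cert
```

Running `extraneous_data` over the bytes of each signed executable in an application inventory gives a list of files to retest before enabling the stricter setting.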
