Microsoft Relents, Authenticode Signature Verification Changes No Longer Mandatory

Microsoft had originally intended to make changes to verifying Authenticode-signed binaries mandatory across all supported versions of Windows, with August 12, 2014 providing the drop-dead date. The change, predicated by a security advisory (MS13-098), would alter the behavior for Windows Authenticode signature verification. To make it more secure the verification process would no longer allow extraneous information in the WIN_CERTIFICATE structure, and Windows would no longer recognize non-compliant binaries as signed.

But, after working with customers, it became clear that there were just too many obstacles and too much impact to existing software to roll out the mandated function. Microsoft still recommends that this change be made, just only when it's feasible for customers to do so after ensuring business applications will still continue to function.

For those customers that would still like to enable the stricter setting, a registry key can be modified to enable it, outlined in the Suggested Actions section HERE.

Microsoft has also reserved the right to attempt to enforce the change in the future.