Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7062 | APPNET0047 | SV-7445r2_rule | DCSL-1 | Medium |
Description |
---|
Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software publishers and ensure that software applications have not been tampered with. Authenticode technology relies on digital certificates and is based on Public Key Cryptography Standards (PKCS) #7 (encrypted key specification), PKCS #10 (certificate request formats), X.509 (certificate specification), and Secure Hash Algorithm (SHA) and MD5 hash algorithms. .Net application developers sign their application code with their public key and Authenticode technology performs certificate validation tasks prior to allowing the application to run. If the system is not configured properly, Authenticode will not check for expired certificates creating an integrity risk which could result in malware running on the system. |
STIG | Date |
---|---|
Microsoft Dot Net Framework 4.0 STIG | 2015-09-15 |
Check Text ( None ) |
---|
None |
Fix Text (F-12603r8_fix) |
---|
Using regedit, verify the hexadecimal value of the "HKEY_USER\[UNIQUE USER SID VALUE]\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State" registry key. For production systems, change the hexadecimal value in nibble position 3 to "0". For development systems, change the hexadecimal value in nibble position 3 to "0" or the IAO must provide documented approval. Example fix: Hex value: 10c00 Nibble position: 54321 To apply fix, example hex value "c" in nibble position 3 would be changed to hex value "0" resulting in a hex value of 10000. |