Title

Microsoft Windows (WinVerifyTrust) Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a remote code execution vulnerability in the Windows Authenticode Signature Verification (WinVerifyTrust) function in Microsoft Windows. The WinVerifyTrust function performs two actions: signature checking on a specified object and trust verification action. To exploit this vulnerability, an attacker would modify an existing signed PE file to include malicious code without invalidating the signature and entice a user to run or install the malicious file sent via email or hosted on a web site. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code resulting in the complete compromise of affected systems.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-42581

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.