Microsoft Authenticode vulnerabilities

In a blog post, security researchers show how the complexity of Microsoft Authenticode can be used to undermine the security of code signing.

Microsoft Authenticode is a code signing technology that software vendors use to ensure the origin and integrity of their applications. The vast majority of modern programs actively use Microsoft Authenticode and therefore rely on its integrity validation system.

The core principle of Authenticode is the immutability of the code – a firm guarantee that the code of an application once signed cannot change without compromising the integrity of the digital signature. In this way, application users can be assured that the code they are executing is the code created and signed by the software vendor.

Via the above Tweet I became aware of the article "Breaking the Microsoft Authenticode security model" by Reversing Labs. The security researchers write that Microsoft Authenticode was designed very well. But since the whole thing is quite complex, they point out three places that allow manipulation of program code without invalidating the Microsoft Authenticode signature. Details can be found in the article.
