Coffeehouse Thread

4 posts

Bug in digital signature verification (win7-64)?

Back to Forum: Coffeehouse
  • User profile image
    androidi

    Have you come across any digital signatures recently where the properties say "The digital signature is OK." and the certification path looks ok, but then there's this funny thing that the countersignatures timestamp is the time you opened the Digital Signature Details dialog. An authentic version of the same file does no such thing. I'm not really expert on the matter but I doubt the countersignature timestamp should be updating like that. I have to say I got fooled by this as I didn't study the dates carefully. I started investigating when some other things didn't look right.

    edit: I guess it's possible that the explorer properties doesn't check that the countersignature timestamp is valid?

  • User profile image
    evildictait​or

    Please post the file in question and I'll look at it.

    Alternately, forward your question to secure@microsoft.com and they'll take a look.

  • User profile image
    blowdart

    , evildictait​or wrote

    Alternately, forward your question to secure@microsoft.com and they'll take a look.

    This. And make a sample of the file exhibiting the weirdness available please.

  • User profile image
    evildictait​or

    I can't repro it here, and based on the level of peer-review WinVerifyTrust has undergone, I'm assuming this is a shell problem rather than a security one.

    Even so, send a screenshot detailing the problem and a copy of the file in a ZIP file and send it to secure@microsoft.com and they'll make sure the correct team gets sight of any bugs you're seeing.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.