Coffeehouse Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Bug in digital signature verification (win7-64)?

Back to Forum: Coffeehouse
  • User profile image
    androidi

    Have you come across any digital signatures recently where the properties say "The digital signature is OK." and the certification path looks ok, but then there's this funny thing that the countersignatures timestamp is the time you opened the Digital Signature Details dialog. An authentic version of the same file does no such thing. I'm not really expert on the matter but I doubt the countersignature timestamp should be updating like that. I have to say I got fooled by this as I didn't study the dates carefully. I started investigating when some other things didn't look right.

    edit: I guess it's possible that the explorer properties doesn't check that the countersignature timestamp is valid?

  • User profile image
    evildictait​or

    Please post the file in question and I'll look at it.

    Alternately, forward your question to secure@microsoft.com and they'll take a look.

  • User profile image
    blowdart

    , evildictait​or wrote

    Alternately, forward your question to secure@microsoft.com and they'll take a look.

    This. And make a sample of the file exhibiting the weirdness available please.

  • User profile image
    evildictait​or

    I can't repro it here, and based on the level of peer-review WinVerifyTrust has undergone, I'm assuming this is a shell problem rather than a security one.

    Even so, send a screenshot detailing the problem and a copy of the file in a ZIP file and send it to secure@microsoft.com and they'll make sure the correct team gets sight of any bugs you're seeing.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.