
<#
Author: Craig Krautkramer
Date: 10/07/2022
Code Review: Daniel K, Gabe K
Date: 06.19.2024
.SYNOPSIS
Script applies the "Cert Padding Check" registry setting associated with the MS13-098 patch from Microsoft.
.DESCRIPTION
Script applies the "Cert Padding Check" registry setting associated with the MS13-098 patch from Microsoft. Sets the
following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config
EnableCertPaddingCheck=1
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config
EnableCertPaddingCheck=1
.LINK
https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2014/2915720?redirectedfrom=MSDN
.PARAMETER Date
Sets date to format "yyyy-MM-dd--Thh-mm-ss".
.PARAMETER EPCacheLocal
Sets endpoint local cache to "C:\Temp\Script Cache".
.PARAMETER ValueName
Registry value name EnableCertPaddingCheck.
.PARAMETER Value
Registry value of 1.
.PARAMETER PropertyType
Registry property type String.
.PARAMETER BackupPath_x86
Sets backup path for x86 "$EPCacheLocal\VULN_MS13-098_x86_RegBackup_$Date.reg".
.PARAMETER Path_x86
Sets x86 registry path 'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config'.
.PARAMETER BackupPath_x64
Sets backup path for x64 "$EPCacheLocal\VULN_MS13-098_x64_RegBackup_$Date.reg".
.PARAMETER Path_x64
Sets x64 registry path 'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'.
#>
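[CmdletBinding()]
param (
    [Parameter(Mandatory = $false)]
    [string]$Date = (Get-Date -Format "yyyy-MM-dd--Thh-mm-ss"),
    [Parameter(Mandatory = $false)]
    [string]$EPCacheLocal = "C:\Temp\Script Cache",
    [Parameter(Mandatory = $false)]
    [string]$ValueName = 'EnableCertPaddingCheck',
    [Parameter(Mandatory = $false)]
    [string]$Value = '1',
    [Parameter(Mandatory = $false)]
    [string]$PropertyType = 'String',
    [Parameter(Mandatory = $false)]
    [string]$BackupPath_x86 = "$EPCacheLocal\VULN_MS13-098_x86_RegBackup_$Date.reg",
    [Parameter(Mandatory = $false)]
    [string]$Path_x86 = 'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config',
    [Parameter(Mandatory = $false)]
    [string]$BackupPath_x64 = "$EPCacheLocal\VULN_MS13-098_x64_RegBackup_$Date.reg",
    [Parameter(Mandatory = $false)]
    [string]$Path_x64 = 'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)

# Enables the WinVerifyTrust certificate padding check by writing $ValueName = $Value under the
# Wintrust\Config key(s). Flow: read the current value, export the key to a .reg backup, then
# (re)create the value and report what is now in the registry.
#
# Naming: despite the suffixes, $Path_x86 is the key in the process's native registry view and
# $Path_x64 is the Wow6432Node key, i.e. the view 32-bit applications get on 64-bit Windows.
#
# NOTE(review): "hh" in the default $Date format is the 12-hour clock with no AM/PM marker, so
# two runs twelve hours apart produce the same backup file name. A failed export is reported below.
# NOTE(review): the default $EPCacheLocal sits under C:\Temp, which is often writable by standard
# users. When this runs elevated, prefer a cache directory that only administrators can write to.
# NOTE(review): the script enforces a String (REG_SZ) value; confirm the value type against the
# current Microsoft guidance for this setting before a fleet-wide rollout.

# Returns the current data of $ValueName under $Path, or $null when the key or value is absent.
function Get-PaddingCheckValue {
    param ([string]$Path)
    (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).$ValueName
}

# True when a value exists but is not stored as a string (the script originally wrote a DWORD).
function Test-PaddingCheckMistyped {
    param ($Current)
    If ($null -eq $Current) { return $false }
    return ($Current.GetType().Name -ne 'String')
}

# Exports $Path to $BackupPath with Reg.exe and reports the outcome based on its exit code.
function Backup-PaddingCheckKey {
    param ([string]$Path, [string]$BackupPath)
    If (Test-Path $Path) {
        # Reg.exe expects "HKLM\..." rather than the provider form "HKLM:\...".
        Reg.exe export $($Path -replace ":", "") $BackupPath | Out-Null
        If ($LASTEXITCODE -eq 0) {
            Write-Host "Registry settings backed up to: $BackupPath"
        }
        Else {
            Write-Warning "Reg.exe export of $Path failed (exit code $LASTEXITCODE). No backup was written to $BackupPath"
        }
    }
}

If ($ENV:PROCESSOR_ARCHITECTURE -eq 'AMD64') {
    $RegValue_x86 = Get-PaddingCheckValue -Path $Path_x86
    $RegValue_x64 = Get-PaddingCheckValue -Path $Path_x64

    # Detect values of the wrong type now, but delete them only after the backup has been taken
    # so the exported .reg file reflects the state before this script touched anything.
    $Mistyped_x86 = Test-PaddingCheckMistyped -Current $RegValue_x86
    $Mistyped_x64 = Test-PaddingCheckMistyped -Current $RegValue_x64
    If ($Mistyped_x86) { Write-Host "Value $ValueName is the incorrect Property Type. Removing and recreating." }
    If ($Mistyped_x64) { Write-Host "Value $ValueName is the incorrect Property Type. Removing and recreating." }

    # Nothing to do when both views already hold the expected string value.
    If ((-not $Mistyped_x86) -and (-not $Mistyped_x64) -and ($RegValue_x86 -eq $Value) -and ($RegValue_x64 -eq $Value)) {
        Write-Host "Registry values already exists:"
        $Path_x86
        "$ValueName = $RegValue_x86"
        Write-Host `n
        $Path_x64
        "$ValueName = $RegValue_x64"
    }
    Else {
        # Backup Registry
        If ((Test-Path $EPCacheLocal) -eq $false) { New-Item -ItemType Directory -Path $EPCacheLocal | Out-Null }
        Backup-PaddingCheckKey -Path $Path_x86 -BackupPath $BackupPath_x86
        Backup-PaddingCheckKey -Path $Path_x64 -BackupPath $BackupPath_x64

        # Drop wrongly typed values so they are recreated with $PropertyType.
        If ($Mistyped_x86) { Remove-ItemProperty -Path $Path_x86 -Name $ValueName -Force | Out-Null }
        If ($Mistyped_x64) { Remove-ItemProperty -Path $Path_x64 -Name $ValueName -Force | Out-Null }

        # Set Values
        If (!(Test-Path $Path_x86)) { New-Item $Path_x86 -Force | Out-Null }
        New-ItemProperty -Path $Path_x86 -Name $ValueName -Value $Value -PropertyType $PropertyType -Force | Out-Null
        If (!(Test-Path $Path_x64)) { New-Item $Path_x64 -Force | Out-Null }
        New-ItemProperty -Path $Path_x64 -Name $ValueName -Value $Value -PropertyType $PropertyType -Force | Out-Null

        # Reporting: re-read from the registry rather than trusting the write calls.
        $RegValue_x86 = Get-PaddingCheckValue -Path $Path_x86
        $RegValue_x64 = Get-PaddingCheckValue -Path $Path_x64
        If ($RegValue_x86 -eq $Value) {
            Write-Host "Registry Value has been set:"
            $Path_x86
            "$ValueName = $RegValue_x86"
        }
        Else {
            Write-Host "Value $ValueName does not exist in $Path_x86 or is set incorrectly"
        }
        If ($RegValue_x64 -eq $Value) {
            Write-Host `n
            Write-Host "Registry Value has been set:"
            $Path_x64
            "$ValueName = $RegValue_x64"
        }
        Else {
            # Name the Wow6432Node path here; the message previously pointed at $Path_x86.
            Write-Host "Value $ValueName does not exist in $Path_x64 or is set incorrectly"
        }
    }
}
Else {
    # PROCESSOR_ARCHITEW6432 is only set inside a 32-bit process on 64-bit Windows. In that case
    # registry redirection may leave the native 64-bit key unset while this script reports success.
    If ($ENV:PROCESSOR_ARCHITEW6432) {
        Write-Warning "32-bit PowerShell host on a 64-bit operating system detected. Only the registry view visible to this process will be updated. Re-run from a 64-bit PowerShell host."
    }

    $RegValue_x86 = Get-PaddingCheckValue -Path $Path_x86

    # Detect a value of the wrong type now, but delete it only after the backup has been taken.
    $Mistyped_x86 = Test-PaddingCheckMistyped -Current $RegValue_x86
    If ($Mistyped_x86) { Write-Host "Value $ValueName is the incorrect Property Type. Removing and recreating." }

    # Nothing to do when the expected string value is already present.
    If ((-not $Mistyped_x86) -and ($RegValue_x86 -eq $Value)) {
        Write-Host "Registry value already exists:"
        $Path_x86
        "$ValueName = $RegValue_x86"
    }
    Else {
        # Backup Reg
        If (!(Test-Path $EPCacheLocal)) { New-Item -ItemType directory -Path $EPCacheLocal | Out-Null }
        Backup-PaddingCheckKey -Path $Path_x86 -BackupPath $BackupPath_x86

        # Drop a wrongly typed value so it is recreated with $PropertyType.
        If ($Mistyped_x86) { Remove-ItemProperty -Path $Path_x86 -Name $ValueName -Force | Out-Null }

        # Set Values
        If (!(Test-Path $Path_x86)) { New-Item $Path_x86 -Force | Out-Null }
        New-ItemProperty -Path $Path_x86 -Name $ValueName -Value $Value -PropertyType $PropertyType -Force | Out-Null

        # Reporting: re-read from the registry rather than trusting the write call.
        $RegValue_x86 = Get-PaddingCheckValue -Path $Path_x86
        If ($RegValue_x86 -eq $Value) {
            Write-Host "Registry Value has been set:"
            $Path_x86
            "$ValueName = $RegValue_x86"
        }
        Else {
            Write-Host "Value $ValueName does not exist in $Path_x86 or is set incorrectly."
        }
    }
}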