KB978601 causes « invalid digital signature » error with a CAB file

About Forums Windows Update KB978601 causes « invalid digital signature » error with a CAB file

  • Ce sujet contient 3 réponses, 1 participant et a été mis à jour pour la dernière fois par paul, le il y a 2 années.
4 sujets de 1 à 4 (sur un total de 4)
  • Auteur
    Messages
  • 28/02/2020 à 05:07 #31
    paul
    Maître des clés

    Customers with KB978601 installed are unable install one of our
    software products. They get the error « invalid digital signature » when
    the installer reaches the last cab file. I was able to reproduce the
    problem on Windows 7 and XP (both with the latest updates), and also
    verified the problem goes away after uninstalling KB978601.

    The following error message was logged: « Error 1330. A file that is
    required cannot be installed because the cabinet file setup11.cab has
    an invalid digital signature. This may indicate that the cabinet file
    is corrupt. Error 24592 was returned by WinVerifyTrust. »

    Our product comes with 11 cab files. Only the last one gives the
    error. When you right-click on the cab file and view the certificate,
    the message is « This digital signature is not valid. »

    This problem just started happening yesterday (4/15/10).

    Any ideas or similar experiences?

    28/02/2020 à 05:08 #32
    paul
    Maître des clés

    Is the digital signature valid?

    For home users (only), no-charge support is available by calling
    1-866-PCSAFETY (and/or 1-866-234-6020 and/or 1-800-936-5700) in the United
    States and in Canada or by contacting your local Microsoft subsidiary.
    There is no-charge for support calls that are associated with security
    updates. When you call, clearly state that your problem is related to a
    Security Update and cite the update’s KB number (e.g., KB978601).

    Or you can…

    Start a free Windows Update support incident request:
    https://support.microsoft.com/oas/de…spx?gprid=6527

    Customers who experience issues installing Microsoft security updates also
    can visit the following pages for assistance:
    https://consumersecuritysupport.microsoft.com/
    http://support.microsoft.com/ph/6527#tab3

    For more information about how to contact your local Microsoft subsidiary
    for security update support issues, visit the International Support Web
    site: http://support.microsoft.com/common/international.aspx

    For enterprise customers, support for security updates is available through
    your usual support contacts.

    28/02/2020 à 05:08 #33
    paul
    Maître des clés

    I’d hazard a guess that the file will need to be resigned. Update KB978601
    changes the way in which cabinet and executable files are signed; I’m not expert
    in this area, but from my interpretation of it this change will invalidate
    previously good signatures under certain circumstances.

    You might get better advice in microsoft.public.security.crypto.

    Harry.

    28/02/2020 à 05:08 #34
    paul
    Maître des clés

    We’ve run into this issue with KB978601 also.

    The key issue here is that MS stepped up enforcement in the signature validation subsystem in such a way that previously valid signatures now don’t validate.

    It’s a simple test:
    1. Uninstall KB978601
    2. Validate the signature (look in file properties). It’s okay.
    3. Install KB978601
    4. Validate the signature again. Now it’s invalid. Same file. Nothing changed except for WinTrust.dll (the core Authenticode DLL in Windows that is updated by KB978601).

    For our situation, the cab files that fail post-KB978601 validation are all similar: they all contain only 1 zero-length file. So essentially these cabs are empty (just a file list with no real contents). As soon as we put some dummy data in the cab file (20 characters in our case), the signature validated just fine.

  • Auteur
    Messages
4 sujets de 1 à 4 (sur un total de 4)
  • Vous devez être connecté pour répondre à ce sujet.