KB4579311->driver installation failures

KB4579311 lists the following known issues:

When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer. This issue occurs when one or more of the following is present in a driver package:

• An improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.
• A driver catalog file extension is not one of supported extensions.

I’m not worried about the second, assuming that I’m correct that this means having something other than “.cat” as your catalog file extension. As a driver developer, however, the first has me baffled from an actions-to-take standpoint. Is this caused by using an older version of inf2cat or signtool? Is this caused by improperly using those tools? Is there some way I can verify that a large number of drivers will or will not be impacted by this without just going and installing all of them on a system on which this KB has been installed?

Awesome question. I, quite frankly, wondered the same thing. But we’ve been so busy that I haven’t even had a chance to look into this.

Maybe somebody here can give us (all) some guidance.

Peter

Same. I stumbled upon it a week or two ago and put it into the “Huh. I should look into that.” bucket. I’d forgotten it until a colleague at a different company made an oblique reference in a conference call this morning to having encountered it in the real world. I’ve pinged him. If I get any scoop I will let you know.