KB4579311 lists the following known issues:
When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer. This issue occurs when one or more of the following is present in a driver package:
- An improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.
- A driver catalog file extension is not one of supported extensions.
I’m not worried about the second, assuming that I’m correct that this means having something other than “.cat” as your catalog file extension. As a driver developer, however, the first has me baffled from an actions-to-take standpoint. Is this caused by using an older version of inf2cat or signtool? Is this caused by improperly using those tools? Is there some way I can verify that a large number of drivers will or will not be impacted by this without just going and installing all of them on a system on which this KB has been installed?