commdlg32 and Windows 8 and Windows 10

W8 does not trust its own past?
W8 does not trust its own past?

The other day I unpacked my trusty HTA, I use to quickly check JavaScript snippets. It is very simple, but it also uses commdlg32 so that I can save and load these snipets to the local disk.

But to my surprise W8 does not let me use it. And judging by the error message W8 thinks that publisher is unknown. Regardless of the fact that publisher is (was) Microsoft itself. Although, admittedly  long time ago.

So, what is the solution? I need to know how to view the publisher info on this file and then think of a solution. I assume I can fiddle with IE10 security tab, since HTA uses IE10 as a ActiveX control through its host, which is mshta.exe.

commdlg32.cab file properties
commdlg32.cab file properties

Ok then, here we go. Doing the proverbial “right click”, and then selecting “Properties” form the context menu , on the commdlg32.cab reveals few more details. First dialogue (the basic W8 file properties dialogue) , “Digital Signature” tab shows that signer was indeed one Microsoft Corporation. There is also a time stamp of signing from a distant past, almost from a  primordial soup of computing, 19 August 1997, 17:35:29. Wow!

commdlg32.cab digital signature details
commdlg32.cab digital signature details

Of course there is the irresistible “Details” button which reveals the next dialogue. On top of which we can see “This digital signature is OK”. We can also see the name of the signer, no email is given and again this ancient signing time. Then there is this “Countersignatures” detail which after clicking through few more dialogues, reveals that Verisign was indeed a counter-signer  it has never accepted any liability beside that and most crucially this favour to Microsoft , was limited in time and has expired 31 Dec 1999.

comdlg32can verisign accepts no liability and also limits this favour
comdlg32can verisign accepts no liability and also limits this favour

There you have it, It was indeed a genuine Microsoft signature, but the counter-signer aka issuing body, Merciless Verisign Inc. limited her role in time and thus left this little file in a security limbo. It is genuine Microsoft product but not  endorsed by Verisign any more.

All previous Windows version actually did not mind this and this cab was perfectly useful and used. But not any more. Windows 8 is rejecting his ancestry. Apparently :)