The most popular tool is GnuPG, normally a command-line tool, but the Gpg4win project has a bundle of GnuPG for Windows along with two graphical interfaces.
$ gpg --verify putty.exe.DSA putty.exe gpg: Signature made 2013-08-06T20:21:29 EEST gpg: using DSA key FECD6F3F08B0A90B gpg: Good signature from "PuTTY Releases (DSA) " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 00B1 1009 38E6 9800 6518 F0AB FECD 6F3F 08B0 A90B
(I had imported the signer's public key before. You will need to do that too, as well as find a way of making sure that you have the correct key and not a fake one...)
While PGP Corporation was bought by Symantec long ago, among their various PGP-based products you can still find trial versions of Symantec Desktop Email Encryption and Symantec Encryption Desktop Corporate which are a continuation of the original PGP for Windows and commercial PGP Desktop 8.x–9.x.
Trial versions of PGP Desktop 8.x can be found in various places. It is likely that 7.x will work just fine for verifying the signatures, even if it lacks security fixes and updates.