CVE-2020-1464

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
microsoftwindows_10_1507
-
microsoftwindows_10_1607
-
microsoftwindows_10_1709
-
microsoftwindows_10_1803
-
microsoftwindows_10_1809
-
microsoftwindows_10_1903
-
microsoftwindows_10_1909
-
microsoftwindows_10_2004
-
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_1903
-
microsoftwindows_server_1909
-
microsoftwindows_server_2004
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464