A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
References
Link | Resource |
---|---|
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html | Third Party Advisory |
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/ | Third Party Advisory |
https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 Jan 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. |
04 Jan 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 7.8 |
Summary | (en) <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.</p> <p>In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.</p> <p>The update addresses the vulnerability by correcting how Windows validates file signatures.</p> |
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-08-17 19:15
Updated : 2024-01-19 00:15
NVD link : CVE-2020-1464
Mitre link : CVE-2020-1464
CVE.ORG link : CVE-2020-1464
JSON object : View
Products Affected
microsoft
- windows_server_2008
- windows_rt_8.1
- windows_8.1
- windows_server_2012
- windows_10
- windows_server_2016
- windows_server_2019
- windows_7
CWE
CWE-347
Improper Verification of Cryptographic Signature