Vulnerability Description
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 1507 | - |
| Microsoft | Windows 10 1607 | - |
| Microsoft | Windows 10 1709 | - |
| Microsoft | Windows 10 1803 | - |
| Microsoft | Windows 10 1809 | - |
| Microsoft | Windows 10 1903 | - |
| Microsoft | Windows 10 1909 | - |
| Microsoft | Windows 10 2004 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Rt 8.1 | - |
| Microsoft | Windows Server 1903 | - |
| Microsoft | Windows Server 1909 | - |
| Microsoft | Windows Server 2004 | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows Server 2019 | - |
Related Weaknesses (CWE)
References
- https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.htmlThird Party Advisory
- https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-yearIssue TrackingThird Party Advisory
- https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98ExploitThird Party Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464PatchVendor Advisory
- https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.htmlThird Party Advisory
- https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-yearIssue TrackingThird Party Advisory
- https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98ExploitThird Party Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464PatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource
FAQ
What is CVE-2020-1464?
CVE-2020-1464 is a vulnerability with a CVSS score of 7.8 (HIGH). A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed ...
How severe is CVE-2020-1464?
CVE-2020-1464 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1464?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1709, Microsoft Windows 10 1803, Microsoft Windows 10 1809.