Vulnerability Details : CVE-2020-1464
Potential exploit
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
Products affected by CVE-2020-1464
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*
CVE-2020-1464 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Windows Spoofing Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-1464
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-1464
34.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-1464
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Microsoft Corporation | 2024-01-04 |
CWE ids for CVE-2020-1464
-
The product does not verify, or incorrectly verifies, the cryptographic signature for data.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-1464
-
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
Distribution of malicious JAR appended to MSI files signed by third parties ~ VirusTotal BlogThird Party Advisory
-
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
Microsoft Put Off Fixing Zero Day for 2 Years — Krebs on SecurityIssue Tracking;Third Party Advisory
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
CVE-2020-1464 | Windows Spoofing VulnerabilityPatch;Vendor Advisory
-
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
Exploit;Third Party Advisory
-
https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
GlueBall: The story of CVE-2020–1464 | by Tal Be'ery | MediumExploit;Third Party Advisory
Jump to