A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
Published 2020-08-17 19:15:15
Updated 2025-02-04 19:15:23
View at NVD,   CVE.org

Products affected by CVE-2020-1464

CVE-2020-1464 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Microsoft Windows Spoofing Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-1464
Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-1464

34.57%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1464

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.1
LOW AV:L/AC:L/Au:N/C:N/I:P/A:N
3.9
2.9
NIST
5.5
MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1.8
3.6
NIST
7.8
HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.8
5.9
Microsoft Corporation 2024-01-04

CWE ids for CVE-2020-1464

References for CVE-2020-1464

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!