← Retour aux CVEs
CVE-2020-1464
HIGHCISA KEV7.8
Description
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie8/17/2020
Derniere modification2/23/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitWindows
Nom vulnerabiliteMicrosoft Windows Spoofing Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
microsoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_10_1903microsoft:windows_10_1909microsoft:windows_10_2004microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_1903microsoft:windows_server_1909microsoft:windows_server_2004microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019
Faiblesses (CWE)
CWE-347CWE-347
References
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html(secure@microsoft.com)
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/(secure@microsoft.com)
https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464(secure@microsoft.com)
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html(af854a3a-2127-422b-91ae-364da2661108)
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/(af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.