CVE-2020-1464

HIGH KEV

Windows - Info Disclosure

Title source: llm

Description

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

References (5)

[Third Party Advisory] https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html

[Issue Tracking, Third Party Advisory] https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/

[Exploit, Third Party Advisory] https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464

Scores

CVSS v3 7.8

EPSS 0.0786

EPSS Percentile 92.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-08-11

InTheWild.io 2020-08-11

ENISA EUVD EUVD-2020-12339

CWE

CWE-347

Status published

Products (20)

microsoft/windows_10_1507

microsoft/windows_10_1607

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_10_1903

microsoft/windows_10_1909

microsoft/windows_10_2004

microsoft/windows_7

microsoft/windows_8.1

... and 10 more

Published Aug 17, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026