CVE-2020-16922
MEDIUMWindows - Spoofing via Improper File Signature Validation
Title source: llmDescription
<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.</p> <p>In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.</p> <p>The update addresses the vulnerability by correcting how Windows validates file signatures.</p>
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16922
Scores
CVSS v3
5.3
EPSS
0.0079
EPSS Percentile
51.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-347
Status
published
Products (20)
microsoft/windows_10
microsoft/windows_10
1607
microsoft/windows_10
1709
microsoft/windows_10
1803
microsoft/windows_10
1809
microsoft/windows_10
1903
microsoft/windows_10
1909
microsoft/windows_10
2004
microsoft/windows_7
microsoft/windows_8.1
... and 10 more
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026