PT-2020-3677 · Microsoft · Windows

Bernardo Quintero · Published 2020-08-11 · Updated 2026-02-23

CVE-2020-1464

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version

Description: A spoofing vulnerability exists when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. This issue has been exploited in real-world attacks, with attackers using polyglot files that combine multiple formats to evade detection. Such a file is executed as an MSI by Windows and as a JAR by the Java runtime environment, which lets it hide malicious code and bypass antivirus checks.

Recommendations: For Microsoft Windows versions prior to the fixed version, update to the latest version, which addresses the vulnerability by correcting how Windows validates file signatures. As a temporary workaround, consider restricting the use of vulnerable components, such as disabling the execution of polyglot files, until a patch is available. Avoid using files that combine multiple formats, such as MSI and JAR, to minimize the risk of exploitation.
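The polyglot pattern above can be checked for on the defender's side: an MSI is an OLE compound file identified by its magic bytes at offset 0, while a JAR is a ZIP archive that Java locates from the end-of-central-directory record at the tail of the file, so one file can satisfy both parsers. The following Python check is an added example, not code from this advisory or from Microsoft; the sample input it builds is constructed (an OLE header padded to one sector, not a real MSI) and the function names are its own.

```python
# Added example (not from the advisory): flag files that parse both as an MSI
# (OLE compound file, magic at offset 0) and as a JAR (ZIP archive that Java
# locates from the end-of-central-directory record at the file's tail).
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header used by MSI


def classify(data: bytes) -> dict:
    """Report which containers the bytes satisfy. 'zip_offset' is the absolute
    position of the first ZIP entry, i.e. how many leading bytes the ZIP parser
    skipped over; 'names' lists the archive entries."""
    report = {"ole": data.startswith(OLE_MAGIC), "zip": False,
              "zip_offset": None, "names": []}
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):  # only looks for an end-of-central-directory record
        try:
            with zipfile.ZipFile(buf) as zf:
                report["zip"] = True
                report["names"] = zf.namelist()
                # zipfile rebases header_offset by the amount of prepended data
                report["zip_offset"] = (zf.filelist[0].header_offset
                                        if zf.filelist else 0)
        except zipfile.BadZipFile:
            pass
    return report


def is_msi_jar_polyglot(data: bytes) -> bool:
    """True when one file is an OLE container at the front and a readable
    ZIP/JAR at the back, the pattern described for CVE-2020-1464."""
    r = classify(data)
    return r["ole"] and r["zip"]


def build_jar(entries: dict) -> bytes:
    """Constructed sample: a small ZIP laid out like a JAR (manifest first)."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return zbuf.getvalue()


def build_sample_polyglot() -> bytes:
    """Constructed test input: OLE magic padded to one 512-byte sector (not a
    real MSI) with a JAR appended after it."""
    ole_part = OLE_MAGIC + b"\x00" * (512 - len(OLE_MAGIC))
    return ole_part + build_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
                                 "README.txt": "constructed sample"})
```

A non-zero `zip_offset` under an OLE header is the figure an analyst wants: it is the size of the front container that the ZIP reader ignores entirely.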

Exploit · Fix

Spoofing

Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2020-04025
CVE-2020-1464

Affected Products

Java
Windows