CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.071 Low
Percentile: 93.2%

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka ‘Windows Spoofing Vulnerability’.
Recent assessments:
zeroSteiner at August 11, 2020 9:33pm UTC reported:
A vulnerability exists within Windows that can allow file signature validation to be bypassed. This would allow an attacker to load and execute PE files without having signed them, possibly masquerading as a legitimate signature. This would be useful if the system the attacker is on requires signatures for all files or if the attacker wanted to load a library into a process where signatures are enforced.
This would not grant elevated privileges without being combined with an additional primitive.
While this is being actively exploited in the wild, at this time there are few public details on the vulnerability.
Assessed Attacker Value: 2
Assessed Attacker Value: 3
blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1464
krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years
medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464