CVE-2020-1464
Published: 17 August 2020
Summary
CVE-2020-1464 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 7.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).
Deeper analysis
A spoofing vulnerability tracked as CVE-2020-1464 exists in Windows when the operating system incorrectly validates file signatures. The flaw, assigned CWE-347, allows an attacker to bypass signature checks and load improperly signed files, affecting the core file signature validation component in Windows.
An attacker with local access and low privileges can exploit the issue without user interaction to circumvent security features designed to block improperly signed files, potentially achieving high impact on confidentiality, integrity, and availability as reflected in its CVSS 7.8 score.
Microsoft addressed the vulnerability through a security update that corrects the signature validation logic, as detailed in the MSRC advisory. Public reporting indicates the flaw was a zero-day that Microsoft delayed patching for approximately two years, with additional technical analysis available in sources such as Krebs on Security and a detailed write-up on the exploitation path.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-12339
Vulnerability details
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly…
more
signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires verification of software/firmware integrity via cryptographic signatures, blocking the exact signature-validation bypass in CVE-2020-1464.
Mandates that only digitally-signed components with approved certificates may be loaded, directly countering the flawed Windows signature check.
Requires timely installation of the vendor security update that corrects the signature-validation logic described in the CVE.