Cyber Resilience

CVE-2020-1464

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 17 August 2020

Published
17 August 2020
Modified
23 February 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0786 92.2th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-1464 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 7.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Deeper analysis

A spoofing vulnerability tracked as CVE-2020-1464 exists in Windows when the operating system incorrectly validates file signatures. The flaw, assigned CWE-347, allows an attacker to bypass signature checks and load improperly signed files, affecting the core file signature validation component in Windows.

An attacker with local access and low privileges can exploit the issue without user interaction to circumvent security features designed to block improperly signed files, potentially achieving high impact on confidentiality, integrity, and availability as reflected in its CVSS 7.8 score.

Microsoft addressed the vulnerability through a security update that corrects the signature validation logic, as detailed in the MSRC advisory. Public reporting indicates the flaw was a zero-day that Microsoft delayed patching for approximately two years, with additional technical analysis available in sources such as Krebs on Security and a detailed write-up on the exploitation path.

EU & UK References

Vulnerability details

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly…

more

signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
all versions
microsoft
windows 10 1607
all versions
microsoft
windows 10 1709
all versions
microsoft
windows 10 1803
all versions
microsoft
windows 10 1809
all versions
microsoft
windows 10 1903
all versions
microsoft
windows 10 1909
all versions
microsoft
windows 10 2004
all versions
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
+8 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires verification of software/firmware integrity via cryptographic signatures, blocking the exact signature-validation bypass in CVE-2020-1464.

prevent

Mandates that only digitally-signed components with approved certificates may be loaded, directly countering the flawed Windows signature check.

prevent

Requires timely installation of the vendor security update that corrects the signature-validation logic described in the CVE.

References