Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1464

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

Published

2020-08-17T19:15:14.867

Last Modified

2025-04-04T20:47:25.163

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-347
  • Type: Secondary
    CWE-347
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System microsoft windows_10_1507 - Yes
Operating System microsoft windows_10_1607 - Yes
Operating System microsoft windows_10_1709 - Yes
Operating System microsoft windows_10_1803 - Yes
Operating System microsoft windows_10_1809 - Yes
Operating System microsoft windows_10_1903 - Yes
Operating System microsoft windows_10_1909 - Yes
Operating System microsoft windows_10_2004 - Yes
Operating System microsoft windows_7 - Yes
Operating System microsoft windows_8.1 - Yes
Operating System microsoft windows_rt_8.1 - Yes
Operating System microsoft windows_server_1903 - Yes
Operating System microsoft windows_server_1909 - Yes
Operating System microsoft windows_server_2004 - Yes
Operating System microsoft windows_server_2008 - Yes
Operating System microsoft windows_server_2008 r2 Yes
Operating System microsoft windows_server_2012 - Yes
Operating System microsoft windows_server_2012 r2 Yes
Operating System microsoft windows_server_2016 - Yes
Operating System microsoft windows_server_2019 - Yes
References