CVE-2020-1464

CVE Published	2020-08-17
Related CWE(s)	CWE-347: Improper Verification of Cryptographic Signature
Related Vendor(s)	microsoft
Related Product(s)	windows_8.1, windows_server_2008, windows_10, windows_server_2012, windows_server_2019, windows_server_2016, windows_7, windows_rt_8.1
Exploitation Reported (CISA KEV)	2021-11-03
CVSS 3 Base Score	5.5 (MEDIUM)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	LOCAL

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Padding Oracle Crypto Attack (CAPEC-463)

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

Signature Spoofing by Improper Validation (CAPEC-475)

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.

References

CVE-2020-1464

Cyber Threat Graph Context

Associated CAPEC Patterns

Padding Oracle Crypto Attack (CAPEC-463)

Signature Spoofing by Improper Validation (CAPEC-475)

References

CVE.org

NIST National Vulnerability Database

CISA Known Exploited Vulnerabilities