CVE-2020-1464

CVE Database · CVE-2020-1464

CVE-2020-1464

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

41.13%

Published

Aug 17, 2020

Modified

Feb 23, 2026

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-347CWE-347

Affected Products (20)

microsoft · windows_10_1507vulnerable

microsoft · windows_10_1607vulnerable

microsoft · windows_10_1709vulnerable

microsoft · windows_10_1803vulnerable

microsoft · windows_10_1809vulnerable

microsoft · windows_10_1903vulnerable

microsoft · windows_10_1909vulnerable