Microsoft has fixed a vulnerability of 0-day Windows file signature that exists since 2018


A 0-day bug, impacting Windows 7, Windows 8.1, Windows 10 and other Windows Server versions, has been patched as part of Patch Tuesday on August 11. Microsoft has acknowledged having found that there have been attacks that target this flaw.

This is a vulnerability to spoofing within the operating system.
The details are listed at CVE-2020-1464. The consequence is that hackers will eventually
use it to install poorly signed files with success.

“There is a spoofing flaw which may allow Windows to improperly check file signatures.

An attacker that has successfully exploited this weakness can circumvent protection mechanisms and load files with inappropriate signatures.
In an assault situation, an attacker can defeat the intent of avoiding inappropriate signature loading.

File encryption settings. “Microsoft said, this bug seems like it’s been running since 2018.

KrebsOnSercurity disclosed that Bernardo Quintero, VirusTotal ‘s president,
first reported the fraud flaw to Microsoft and the company later verified the finding to him.

Nonetheless, “Microsoft has agreed not to address this problem in the latest release of Windows, and acknowledges that this case and our conclusions should be published publicly on the site.”

This is outlined in a blog post highlighted by the author.

Tal Be’ery, a technology analyst and founder of KZen Networks, also pointed out that evidence remains
that the bug was detected in the summer of 2018, and Microsoft opted not to fix it in any way.

Microsoft has ignored the question of whether to submit the fix had to wait until now.

Yet to make matters worse, Microsoft did not release a patch in 2018, and refused to address operating system vulnerabilities until August 2020. This ensures this Windows 7 computers that are vulnerable to attack can no longer provide updates due to their unpaid existence. The company’s funding expired as early as January 2020.