As part of its Patch Tuesday release on August 11, 2020, Microsoft included a zero day vulnerability that went unfixed for several years. This vulnerability, CVE-2020-1464 and dubbed “GlueBall”, could allow an attacker to bypass security features built into Windows to validate file signatures, ultimately allowing an attacker to run improperly signed binaries on a system. This spoofing vulnerability was first seen in the wild being used by malware in August 2018, when several researchers notified Microsoft of the problem. It is recommended that the MS20-AUG patch be applied immediately as it will correct how Windows validates file signatures.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
