CVE-2020-16922: Windows Spoofing Vulnerability

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2020-Oct

Released

2020-10-13

EPSS Score

0.54% (percentile: 67.8%)

Description

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

Affected Products (44)

Other

• 11497
• 11498
• 11563
• 11568
• 11569
• 11570
• 11571
• 11572
• 11712
• 11713
• 11714
• 11715
• 11453
• 11454
• 11583
• 11644
• 11645
• 11646
• 11647
• 11766
• 11767
• 11768
• 11769
• 10729
• 10735
• 10852
• 10853
• 10816
• 10855
• 10047
• 10048
• 10481
• 10482
• 10484
• 9312
• 10287
• 9318
• 9344
• 10051
• 10049
• 10378
• 10379
• 10483
• 10543

Security Updates (15)

• 4580330
• 4577668
• 4577671
• 4580328
• 4579311
• 4580327
• 4580346
• 4580345
• 4580387
• 4580347
• 4580358
• 4580378
• 4580385
• 4580382
• 4580353

Acknowledgments

RedDrip Team (@RedDrip7) of QiAnXin TIC (https://ti.qianxin.com)

Revision History

• 2020-10-13: Information published.