Microsoft has just patched a critical security hole in Windows 10 discovered in 2018
The vulnerability is codenamed CVE-2020-1464 and described by Microsoft as an impersonation flaw in the way Windows authenticates digital signature files. An attacker who successfully exploits this vulnerability can bypass security features and download malicious, malicious files into the system.
However, two security researchers Tal Be'ery and Peleg Hadar revealed that the vulnerability was reported to Microsoft two years ago, on August 18, 2020. At that time, Microsoft announced it would not patch the vulnerability.
VirusTotal discovered that the Java file contained malicious code in 2018, according to security researcher Bernardo Quintero. back that they won't patch this flaw.
In January 2019, Quintero also announced more details about CVE-2020-1464. After checking the Java file for malicious code, he discovered that it was an MSI file appended to a Java file. Although it has been modified, Windows still considers this file to have a valid digital signature from Google, which you can see in the photo below.
Because some security solutions use digital signatures to determine whether the file has launch permissions, hackers can use this technique to bypass the security system. After that, they take control and cause unpredictable damage to the victim.
After updating the patch for CVE-2020-1464, Windows 10 will remove the digital signature of MSI files if they are turned into a Java file containing malicious code. You can compare the properties of a Java file containing malicious code on Windows 10 1909 and Windows 10 2004 (right) in the picture below.
Hacker can also add other files to MSI file however only Java file can be used to deploy malicious code.
It is still not clear why Microsoft refused to patch the vulnerability in 2018 but proceeded to fix it after two years. Microsoft also does not recognize Quintero as the first to discover this vulnerability.
You should read it
- Inspiron 1464 - Dell's Core i3 laptop in Vietnam
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- Microsoft rewards $ 250,000 for any talent that discovers the new Meltdown and Specter vulnerabilities
- Microsoft fixes 8 critical vulnerabilities
- Detects 'long-standing' security vulnerabilities in Microsoft Office
- Summary: All new Windows 10 features are announced by Microsoft at Build 2020
- Microsoft patched 6 zero-day vulnerabilities in Windows 10
- Microsoft released a patch for 75 critical vulnerabilities on Windows 7 / 8.1 / 10, asking users to install
- Microsoft patched drive-by errors in March
- How to check if the computer has serious Windows 10 vulnerabilities
- Microsoft patched a critical vulnerability in Windows
- Immediately fix critical vulnerabilities in Windows NTLM security protocol