Microsoft has just patched a critical security hole in Windows 10 discovered in 2018

The vulnerability is codenamed CVE-2020-1464 and described by Microsoft as an impersonation flaw in the way Windows authenticates digital signature files. An attacker who successfully exploits this vulnerability can bypass security features and download malicious, malicious files into the system.

However, two security researchers Tal Be'ery and Peleg Hadar revealed that the vulnerability was reported to Microsoft two years ago, on August 18, 2020. At that time, Microsoft announced it would not patch the vulnerability.

VirusTotal discovered that the Java file contained malicious code in 2018, according to security researcher Bernardo Quintero. back that they won't patch this flaw.

In January 2019, Quintero also announced more details about CVE-2020-1464. After checking the Java file for malicious code, he discovered that it was an MSI file appended to a Java file. Although it has been modified, Windows still considers this file to have a valid digital signature from Google, which you can see in the photo below.

Because some security solutions use digital signatures to determine whether the file has launch permissions, hackers can use this technique to bypass the security system. After that, they take control and cause unpredictable damage to the victim.

After updating the patch for CVE-2020-1464, Windows 10 will remove the digital signature of MSI files if they are turned into a Java file containing malicious code. You can compare the properties of a Java file containing malicious code on Windows 10 1909 and Windows 10 2004 (right) in the picture below.

Hacker can also add other files to MSI file however only Java file can be used to deploy malicious code. 

It is still not clear why Microsoft refused to patch the vulnerability in 2018 but proceeded to fix it after two years. Microsoft also does not recognize Quintero as the first to discover this vulnerability.

Kareem Winters

Update 18 August 2020