Microsoft Took Two Years to Fix a Zero-Day Windows Vulnerability

By Novak Bozovic / August 17, 2020

Last week (on August 11, 2020), Microsoft issued fixes for a large number of security holes via the company's regular "Patch Tuesday" update. More precisely, 120 security holes have been plugged, making various versions of Windows much safer. However, one particular zero-day vulnerability has now raised plenty of attention because Microsoft took two years to come up with a solution.

The vulnerability we're talking about here has been identified as "CVE-2020-1464." As per Microsoft's notes, this "spoofing vulnerability" could trick Windows into validating file signatures that could be malicious. More precisely, this is a Windows vulnerability that's related to code signing. As a result, malicious actors could exploit it to bypass security features intended to prevent improperly signed files from being loaded.

Related Content: Microsoft Notepad Vulnerability Leads to Remote Shell Access / Microsoft Accidentally Leaks Unfixed Wormable SMB Vulnerability

The Redmond-based company didn't provide too many details about this vulnerability. Instead, Microsoft noted that the vulnerability had been publicly disclosed and under active exploitation. However, there's no mention of security researchers who have discovered this severe vulnerability or any other similar information.

What's interesting about the "CVE-2020-1464" vulnerability is the fact that Microsoft took two years to plug it. The first public mention of the vulnerability happened on January 15, 2019, in a post published on VirusTotal's blog. The blog post was published by Bernardo Quintero, the manager of Google-owned VirusTotal.

Quintero explains how Microsoft Windows keeps the Authenticode signature valid after appending any content to the end of Windows Installer (MSI) files signed by any software developer. This allows malicious actors to trick Windows into allowing MSI files to be executed, which could be especially dangerous if the appended code is a malicious JAR file. That would allow any type of malware to be directly executed by Java.

The first time someone uploaded a malware sample containing this vulnerability happened in August 2018. At the time of writing this article, the most recent submission occurred less than an hour ago. As per the latest result, 27 out of 59 antivirus programs have marked the file as malware. This means that there's still a significant possibility of someone using this vulnerability to infect unpatched systems.

With all of this said, it's clear that the "CVE-2020-1464" vulnerability (also known as GlueBall) is a severe one. Besides, many security researchers have reported it to Microsoft numerous times in the last 18 months. Therefore, it's quite strange that the tech giant took this much time to finally fix it.

When it comes to regular Windows users, one thing is clear - ensuring that you're applying the latest security patches is crucial to keeping your data safe and protected. If you haven't downloaded the latest "Patch Tuesday" fix, make sure to do so as soon as possible.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: