"GlueBall” Microsoft Windows Spoofing

By Fortra's Digital Defense

“GlueBall” CVE-2020-1464

As part of the Patch Tuesday release on August 11th, 2020, Microsoft included a fix for a zero-day vulnerability that had gone unfixed for several years. This vulnerability, CVE-2020-1464, dubbed “GlueBall”, could allow an attacker to bypass the security features built into Windows that validate file signatures, ultimately allowing the attacker to run improperly signed binaries on a system. This spoofing vulnerability was first seen in the wild being used by malware in August 2018, when several researchers notified Microsoft of the problem. It is recommended that the MS20-AUG patch be applied immediately, as it corrects how Windows validates file signatures.

Frontline.Cloud includes an authenticated check, 138007 MS20-AUG, rated High severity and added August 14th, 2020.

*At the time of this case study, Fortra VM and its corresponding security solutions were referred to under the Frontline brand.
