“GlueBall” CVE-2020-1464
As part of the Patch Tuesday release on August 11th, 2020, Microsoft included a zero day vulnerability that had gone unfixed for several years. This vulnerability, CVE-2020-1464 and dubbed “GlueBall”, could allow an attacker to bypass security features built into Windows to validate file signatures, ultimately allowing an attacker to run improperly signed binaries on a system. This spoofing vulnerability was first seen in the wild being used by malware in August 2018, when several researchers notified Microsoft of the problem. It is recommended that the MS20-AUG patch be applied immediately as it will correct how Windows validates file signatures.
Frontline.Cloud includes an authenticated check 138007 MS20-AUG, a High rated severity added August 14th, 2020.
*At the time of this case study, Fortra VM and its corresponding security solutions were referred to under the Frontline brand.