Security News > 2020 > October > Microsoft fixes Windows certificate spoofing bug abusing CAT files
Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files.
The flaw allows an attacker to combine a legitimately signed Microsoft Windows Installer package with the attacker's JAR file into an encapsulating JAR file.
"A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files," Microsoft's CVE-2020-16922 advisory states.
In a private Microsoft enterprise security advisory shared with BleepingComputer, Microsoft explains that yesterday's update extends August's CVE-2020-1464 to include Microsoft catalog files, which can also be signed with a digital signature.
"Malware authors have exploited this vulnerability by crafting polyglot malware, combining multiple file types to produce a new merged type. More specifically, they have used validly signed MSI or CAT files from Microsoft and other software publishers, combining them with malicious Java archives and files to take full advantage of the way JAR files are read," the advisory further continued.
News URL
Related news
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Microsoft: January Windows security updates break audio playback (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16922 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. | 0.0 |
| 2020-08-17 | CVE-2020-1464 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products A spoofing vulnerability exists when Windows incorrectly validates file signatures. | 0.0 |