Security News > 2020 > October > Microsoft fixes Windows certificate spoofing bug abusing CAT files
Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files.
The flaw allows an attacker to combine a legitimately signed Microsoft Windows Installer package with the attacker's JAR file into an encapsulating JAR file.
"A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files," Microsoft's CVE-2020-16922 advisory states.
In a private Microsoft enterprise security advisory shared with BleepingComputer, Microsoft explains that yesterday's update extends August's CVE-2020-1464 to include Microsoft catalog files, which can also be signed with a digital signature.
"Malware authors have exploited this vulnerability by crafting polyglot malware, combining multiple file types to produce a new merged type. More specifically, they have used validly signed MSI or CAT files from Microsoft and other software publishers, combining them with malicious Java archives and files to take full advantage of the way JAR files are read," the advisory further continued.
News URL
Related news
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Microsoft: April 2025 updates break Windows Hello on some PCs (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Microsoft starts final Windows Recall testing before rollout (source)
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft: New Windows updates fix Active Directory policy issues (source)
- Microsoft tells Windows users to ignore 0x80070643 WinRE errors (source)
- Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16922 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. | 0.0 |
| 2020-08-17 | CVE-2020-1464 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products A spoofing vulnerability exists when Windows incorrectly validates file signatures. | 0.0 |