Microsoft Put Off Fixing Zero Day for 2 Years
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
This is fucking bonkers https://t.co/XXiwW2b062
— SwiftOnSecurity (@SwiftOnSecurity) June 13, 2020
What does this matter?
1) Attackers can bypass security features(Any antivirus/security endpoint) and load improperly signed files
2)Windows cannot validate file signatures correctly
3)This was first spotted in attacks used in the wild back in August 2018
What is the mitigation
