One of the gaps security which was fixed on Tuesday 11 August (Patch Tuesday) affects Windows 7, Windows 8.1, Windows 10, and several versions of Windows Server, and Microsoft itself has reported attacks that use this flaw.
This is an operating system spoofing vulnerability system and documented in CVE-2020-1464.
“A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass them possibilities security and load files that are not properly signed. In an attack scenario, an attacker could bypass security features to prevent improperly signed files from being loaded," Microsoft said.
The company knew that exploit was operating and that it was publicly disclosed in 2018.
KrebsOnSercurity reveals that the spoofing vulnerability was reported to Microsoft by Bernardo Quintero, its director VirusTotal.
"Microsoft has decided not to resolve this issue in the current versions of Windows and has agreed that we may publish this exploit." refers in Virus Total.
Tal Be'ery, security researcher and founder of KZen Networks, also points out that the flaw was discovered in the summer of 2018 and somehow Microsoft decided not to fix it.
Microsoft, on the other hand, does not answer why it left its customers' devices exposed for so long from 2018 and waiting until August 2020 to resolve the defect.
Note that devices running Windows 7, which are themselves exposed to the same attack, will not be updated as support expired in January 2020.
