A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the files signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures.
Weakness
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_10 | Microsoft | - (including) | - (including) |
| Windows_10 | Microsoft | 1607 (including) | 1607 (including) |
| Windows_10 | Microsoft | 1703 (including) | 1703 (including) |
| Windows_10 | Microsoft | 1709 (including) | 1709 (including) |
| Windows_10 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_10 | Microsoft | 1809 (including) | 1809 (including) |
| Windows_10 | Microsoft | 1903 (including) | 1903 (including) |
| Windows_server_2016 | Microsoft | - (including) | - (including) |
| Windows_server_2016 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_server_2016 | Microsoft | 1903 (including) | 1903 (including) |
| Windows_server_2019 | Microsoft | - (including) | - (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/145.html
- https://cwe.mitre.org/data/definitions/463.html
- https://cwe.mitre.org/data/definitions/75.html