Fortinet Discovers Windows MSI Signature Spoofing Vulnerability
Fortinet's FortiGuard Labs has discovered a vulnerability to bypass Windows Installer (MSI) Authenticode signature validation.
Windows Installer is a software component and application programming interface (API) of Microsoft Windows used for the installation, maintenance, and removal of software. The installation information, and optionally the files themselves, are packaged in installation packages, loosely relational databases structured as COM Structured Storages and commonly known as "MSI files", from their default filename extensions.
A bypass vulnerability has been discovered in Windows Installer Authenticode signature validation. The vulnerability exists due to the signature computation mechanism. It could allow an attacker to disguise an altered MSI as legitimate installer.
SolutionsUsers should apply the solution provided by Microsoft.
Fortinet reported the vulnerability to Microsoft on July 21, 2021.
Microsoft confirmed the vulnerability on July 30, 2021.
Microsoft patched the vulnerability on October 12, 2021.