Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

An improperly patched path traversal flaw can be bypassed by replacing backslashes in paths with forward slashes. Microsoft patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, then acknowledged the improper fix and re-patched the flaw in the February 2020 Patch Tuesday. A Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, the API function “PathCchCanonicalize,” unchanged.

Source: https://thehackernews.com/2020/05/reverse-rdp-attack-patch.html
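The separator mismatch described above, sketched as an added example that is not from the original article or from Microsoft's code. `backslash_only_canonicalize` is a simplified, hypothetical model of a canonicalizer that recognises only `\` as a separator, `hardened_is_safe` is one way to check containment after normalising both separators, and the base directory and file names are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

BASE = "C:\\Temp\\clip"  # constructed destination directory


def backslash_only_canonicalize(path):
    """Hypothetical model: resolve '.' and '..' but split on backslash only."""
    drive, rest = ntpath.splitdrive(path)
    kept = []
    for part in rest.split("\\"):
        if part in ("", "."):
            continue
        if part == "..":
            if kept:
                kept.pop()
            continue
        kept.append(part)
    return drive + "\\" + "\\".join(kept)


def naive_is_safe(base, name):
    """Weak check: trusts the backslash-only canonical form."""
    full = backslash_only_canonicalize(base + "\\" + name)
    return full.lower().startswith(base.lower() + "\\")


def hardened_is_safe(base, name):
    """Convert '/' to '\\' before resolving, then require containment in base."""
    joined = ntpath.join(base, name.replace("/", "\\"))
    full = ntpath.normcase(ntpath.normpath(joined))
    root = ntpath.normcase(ntpath.normpath(base))
    return full.startswith(root + "\\")


def disagreements(base, names):
    """Names the weak check accepts but the hardened check rejects."""
    return [n for n in names
            if naive_is_safe(base, n) and not hardened_is_safe(base, n)]


# Constructed sample file names, as a client might receive them from a peer.
SAMPLES = ["report.txt", "sub/report.txt", "..\\outside.txt", "../outside.txt"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, naive_is_safe(BASE, name), hardened_is_safe(BASE, name))
```

Any name returned by `disagreements` is one where the two checks diverge, which is the condition a client-side validator or a regression test for this class of bug should flag.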
