The actively exploited Windows spoofing vulnerability (CVE-2020-1464) recently patched by Microsoft has been known for more than two years, researchers revealed. Microsofts August 2020 Patch Tuesday security updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks in the wild. The flaw affects many Windows OSs, including Windows 7 and Windows Server 2008, for which the IT giant will not provide security updates because the systems reached the end-of-life. The most serious aspect is that Microsoft was aware of the bug but did not fix it.”]
Source: https://securityaffairs.co/wordpress/107314/hacking/cve-2020-1464-windows-spoofing-flaw.html