As part of the August 2020 Patch Tuesday, Microsoft fixed a vulnerability that allowed MSI files to be converted into malicious Java executables while retaining a legitimate company’s digital signature. The vulnerability is tracked as CVE-2020-1464 and is described by Microsoft as a spoofing vulnerability in how Windows validates signature files. It was later noted in a blog post by security researchers Tal Be’ery, of Zengo, and Peleg Hadar, of SafeBreach Labs, that this update is for a bug reported two years ago that Microsoft originally stated they would not be fixing.
Source: https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-windows-bug-reported-2-years-ago/