This vulnerability is tracked as CVE-2020-1464 and is described by Microsoft as a spoofing vulnerability in how Windows validates signature files. It was later noted in a blog post
by some security researchers that this update is for a bug reported two years ago on August 18th, 2018, and that Microsoft originally stated they would not be fixing. With the patch for CVE-2020-1464, Windows will no longer considered MSI files to be signed
if they have been tampered by having a JAR file appended to it.
Learn more >