Uncovering and Disclosing a Signature Spoofing Vulnerability in Windows Installer: CVE-2021-26413

[balor]

Okta Security discovered a new bypass in Windows Installer (MSI) Authenticode signature validation that could allow one to disguise an altered package as legitimate software.
Pretty interesting read.
Hope you guys find it as interesting as I did.
https://sec.okta.com/articles/2021/04/uncovering-and-disclosing-signature-spoofing-vulnerability-windows