Microsoft fixes certificate spoofing vulnerability abusing CAT files

This one hasn't been talked about much publicly, but an advisory shared with Microsoft enterprise customers (and BleepingComputer) mentions use of .CAT files to spoof signatures on Windows.