Improper fix to the RDP vulnerability (CVE-2019-0887) "fixed' with CVE-2020-0655 but, "as we’ve seen when analyzing Microsoft’s patch for CVE-2020-0655, this fix does not address the core vulnerability in the PathCchCanonicalize function."
https://research.checkpoint.com/2020/reverse-rdp-the-path-not-taken/ …