A 10-year-old Windows vulnerability is still being exploited in attacks to make executables appear legitimately signed, with the fix from Microsoft still “opt-in” after all these years. Even worse, the fix is removed after upgrading to Windows 11.