Good find by Elastic - North Korean based threat actors using an unfixed bug in Windows to execute code, undetected across all vendors until that point (and as of writing only Elastic detect still)
They’ve named it GrimResource https://www.elastic.co/security-labs/grimresource