This is a fun one from Elastic Security Labs.
https://www.elastic.co/security-labs/dismantling-smart-app-control
In the process of canonicalizing the path in a LNK file when it is clicked on, Windows rewrites the LNK file, clobbering the Mark of the Web (MotW) along with it. The impact here is that things that rely on MotW, e.g. Smart App Control (SAC) or SmartScreen, fail to protect the user in any way with such files. This has been abused ITW for 6 years.
MSRC has said that they might possibly address it in the future.
There is no CVE for this, as Microsoft doesn't assign CVEs to vulnerabilities. They assign CVEs to fixes.