Is this actually a CVE?
The headline at least looks more like lOoK, sSh eXplOiTeRs uSe sSh cLiEnTs tO eXpLoIt sSh CVEs!!1!1elf11
TL;DR: Free Software being repackaged with malware in order to trick people who download from fake websites like Softonic and shit. No PuTTY exploit, no Win exploit, just pure user error.
Edit 2: The big exploit according to the Article is that now the malware dosent need OpenSSH since its integrated into win already by default. But again, any fake game website could have just promted the user to install that, since most users are that dumb and will just do what the website tells them anyway