Preface: In order to avoid the impact of the vulnerability. VMware do not provide the details for CVE-2020-3961.

Synopsis: This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Vulnerability details: VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries.

My observation: Perhaps the idea displayed on attached diagram may also have the way to do the same thing.

Reference: A local dll injection vulnerability has been discovered in the official Notepad++ software.The issue allows local attackers to inject code to vulnerable libraries to compromise the process or to gain higher access privileges.

Official announcement – please refer following link https://www.vmware.com/security/advisories/VMSA-2020-0013.html

Preface: Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3) on 11th Mar 2020.

Synopsis: The proof of concept code vulnerability has been made public. Attacker do the exploit is that send a specially crafted packet to a targeted SMBv3 server. (refer to attached diagram). The result would be similar to the WannaCry and NotPetya attacks from 2017, which used the EternalBlue exploit for SMB v1.

Workarounds: Disabling SMBv3 Compression – refer to attached diagram. The solution display in the bottom .

Remedy solution by Microsoft – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

CISA urge to public – Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.

Preface: Bluetooth enabled consumer electronics such as mobile phones, cameras simplify data sharing between devices. For instance, smartphone can wirelessly connect to a headset to make hands-free calling easier or can send pictures to another.

Background: The Bluetooth market has changed dramatically in the past three to four years. Perhaps is the potential power of smarthome concept.If you are moving a lot of data or streaming media, then you should go with a Bluetooth BR/EDR solution.

Vulnerability details: An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. That is your neighbor might conduct similar type of man-in-the-middle attack from the opposite side of the wall. With reference to existing attack method. In order to conduct the attack successfully, attacker must relies on 3rd party hardware and Linux machine (refer to attached diagram). So, if you are not in frequent to use Bluetooth function. I would recommend that turn off your Bluetooth (BR/EDR) function before patch.

Official announcement – please refer to following link https://kb.cert.org/vuls/id/647177