Background: Magento is an e-commerce platform written in PHP atop the zend-framework, available under both open-source and commercial licenses. It is written in an advanced object-oriented idiom that uses the MVC pattern and XML configuration files, aiming for flexibility and extensibility.

Vulnerabilities announced this week – Hints
Vendor have the right to remain vulnerability details and not disclose to public. And therefore we only obtain below information.

PHP Object Injection – Arbitrary code execution (Critical) – CVE-2020-9663

Stores cross-site scripting – Sensitive information disclosure (Important) – CVE-2020-9665

Please refer to attached diagram. Perhaps it will let you find out the root causes.

Official announcement: https://helpx.adobe.com/security/products/magento/apsb20-41.html

Preface: On Jul 2019, found vulnerability in the Windows Spatial Data Service could allow file deletion in arbitrary locations on Windows system found The official announcement this week state that Windows Spatial Data Service improperly handles objects in memory causes elevation of Privilege Vulnerability.

Background: The Spatial Data Service is running as NT AUTHORITY\LocalService in a shared process of svchost[.]exe.
This service is used for Spatial Perception scenarios. This service exists in Windows 10 only.

Vulnerability details: If a number is higher or lower than a range of values or there are too many characters in a text entry, a boundary error occurs. The vulnerability exists due to a boundary error when the Windows Spatial Data Service improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.

Official remedy solution – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1441

Preface: In order to avoid the impact of the vulnerability. VMware do not provide the details for CVE-2020-3961.

Synopsis: This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Vulnerability details: VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries.

My observation: Perhaps the idea displayed on attached diagram may also have the way to do the same thing.

Reference: A local dll injection vulnerability has been discovered in the official Notepad++ software.The issue allows local attackers to inject code to vulnerable libraries to compromise the process or to gain higher access privileges.

Official announcement – please refer following link https://www.vmware.com/security/advisories/VMSA-2020-0013.html

Preface: Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3) on 11th Mar 2020.

Synopsis: The proof of concept code vulnerability has been made public. Attacker do the exploit is that send a specially crafted packet to a targeted SMBv3 server. (refer to attached diagram). The result would be similar to the WannaCry and NotPetya attacks from 2017, which used the EternalBlue exploit for SMB v1.

Workarounds: Disabling SMBv3 Compression – refer to attached diagram. The solution display in the bottom .

Remedy solution by Microsoft – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

CISA urge to public – Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports. CISA strongly recommends using a firewall to block SMB ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.