All aspects of Spectre-BHB from vulnerability to mitigation (21st Feb 2023)

Preface: Several companies are currently using Arm processors to create artificial intelligence-powered software that helps make the driving experience safer. Some experts believe that artificial intelligence will affect human life. Yes, it is real. The late Stephen Hawking speculated about this potential impact, but it looks like part of the process of human civilization. Mankind moved into an automated life when the smartphone and the GUI were born, and it was not possible to jump back. Perhaps this is destiny. On the other hand, computer vulnerabilities are an effective way to counter out-of-control AI. Perhaps they are an effective solution.

Background: Branch predictor hardware typically uses a form of cache to hold branch information. When vendors released announcements of this design weakness a few years ago, a common misunderstanding was that it appeared only on a single brand. The truth is that it probably does not: whenever a CPU designer intends to improve the efficiency of CPU response time, a branch predictor will be used. The Arm architecture permits this branch predictor hardware to be visible to the functional behaviour of software, and so the branch predictor is not architecturally invisible.

The possible attack mechanism of Spectre-BHB: branch target injection within the same software context (unlike Spectre v2, which injects branch targets across different exception levels). An attacker can poison the branch history from user space to force the kernel to mispredict branch targets. When the victim executes an apparently safe branch that is mispredicted, control flow is redirected to a gadget that runs with attacker-controlled registers, and that is what triggers the vulnerability. For this attack mechanism and the mitigation concept, please refer to the attached diagram.

Development in 2023: Arm announced a new generation of Armv9 CPUs, namely the Cortex-X3 and the Cortex-A715. The L1 instruction cache of these Armv9 CPUs performs speculative memory accesses. The L1 instruction memory system provides an instruction stream to the decoder. To increase overall performance and reduce power consumption, the L1 instruction memory system uses dynamic branch prediction and instruction caching.
Whether this new design has any design weakness similar to the branch prediction one, let’s keep our eyes open. Stay tuned!

CVE-2022-27672 – Addresses Cross-Thread Return Address Predictions design weakness (20th Feb 2023)

Preface: Two different methods and names, but similar in function.
AMD CPUs with four cores use simultaneous multithreading to provide eight threads, and most Intel CPUs with two cores use hyper-threading to provide four threads.

Background: In an IBM S390 system configuration, use the smt= and nosmt kernel parameters to control multithreading.
By default, Linux in LPAR mode uses multithreading if it is provided by the hardware.
In Linux terminology, simultaneous multithreading is also known as SMT or Hyper-Threading. With multithreading enabled, a single core on the hardware is mapped to multiple logical CPUs on Linux. Thus, multiple threads can issue instructions to a core simultaneously during each cycle.

Vulnerability details: When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

Remark: AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure. AMD believes that due to existing mitigations applied to address other speculation-based issues, theoretical avenues for potential exploit of CVE-2022-27672 may be limited only to select virtualization environments where a virtual machine is given special privileges. As of this notice, AMD is not aware of any actual real-world exploits based on this behavior.

Official announcement: For details, please refer to the link – https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
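An added example (my own code, not from Arm, AMD or the original post) serving both the Spectre-BHB mitigation discussion above and this SMT entry: a small Go audit tool that reads the Linux sysfs speculation reports and the SMT control knob. The sysfs paths and the "Not affected" / "Mitigation:" / "Vulnerable" prefixes are real kernel conventions; the status strings used for illustration are constructed samples, and the "BHB" marker is assumed from the arm64 kernel's spectre_v2 report format.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

const vulnDir = "/sys/devices/system/cpu/vulnerabilities"
const smtCtl = "/sys/devices/system/cpu/smt/control"

// ClassifyStatus maps one sysfs status line ("Not affected", "Mitigation: ...", "Vulnerable[: ...]") to a short verdict.
func ClassifyStatus(line string) string {
	line = strings.TrimSpace(line)
	switch {
	case line == "Not affected":
		return "not-affected"
	case strings.HasPrefix(line, "Mitigation:"):
		return "mitigated"
	case strings.HasPrefix(line, "Vulnerable"):
		return "VULNERABLE"
	}
	return "unknown"
}

// BHBMitigated reports whether an arm64 spectre_v2 line shows the Spectre-BHB mitigation active (assumed "BHB" marker).
func BHBMitigated(spectreV2 string) bool {
	v := ClassifyStatus(spectreV2)
	return v == "not-affected" || (v == "mitigated" && strings.Contains(spectreV2, "BHB"))
}

// SMTEnabled parses smt/control ("on", "off", "forceoff", "notsupported", "notimplemented"); only "on" means siblings share a core.
func SMTEnabled(control string) bool {
	return strings.TrimSpace(control) == "on"
}

// Audit reads the live sysfs tree, prints each entry and returns how many still report Vulnerable.
func Audit() (vulnerable int, err error) {
	entries, err := os.ReadDir(vulnDir)
	if err != nil {
		return 0, err
	}
	for _, e := range entries {
		b, rerr := os.ReadFile(vulnDir + "/" + e.Name())
		if rerr != nil {
			return vulnerable, rerr
		}
		v := ClassifyStatus(string(b))
		if v == "VULNERABLE" {
			vulnerable++
		}
		fmt.Printf("%-24s %-12s %s\n", e.Name(), v, strings.TrimSpace(string(b)))
	}
	return vulnerable, nil
}

func main() {
	n, err := Audit()
	smt, _ := os.ReadFile(smtCtl)
	fmt.Printf("vulnerable entries: %d (err: %v); SMT enabled: %t\n", n, err, SMTEnabled(string(smt)))
}
```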

CVE-2023-23514: An app may be able to execute arbitrary code with kernel privileges (19th Feb 2023)

Preface: iOS 16 is the sixteenth and current major release of the iOS mobile operating system developed by Apple for its iPhone line of products. It was announced at the company’s Worldwide Developers Conference (WWDC) on June 6, 2022, as the successor to iOS 15.

Background: Use-after-free is still a common bug class because manually identifying such bugs, especially in large and complex codebases, is a challenge. If a program does not clear the pointer after freeing a memory allocation, a use-after-free vulnerability can occur.
An attacker can use a UAF to pass arbitrary code, or a reference to it, to a program and then jump to the beginning of that code through the dangling pointer.

Vulnerability details: An app may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management.

Official announcement: For customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
For details, see the link – https://support.apple.com/en-us/HT213635

SAP GUI chronicle – even if you are using the NWBC client, can you ignore web browser vulnerabilities? (17th Feb 2023)

Preface: This is the periodically recurring SAP Security Note #2622660, which patches the latest Chromium vulnerabilities for SAP Business Client.

Background: What is the difference between SAP NWBC and SAP GUI?
Web Dynpro is the SAP NetWeaver programming model for user interfaces (UIs).
– Using SAP GUI, when you execute a WD (Web Dynpro) application, it opens in a browser.

– The SAP NetWeaver Business Client enables direct connectivity to the ABAP back-end system and the PFCG role repository, which centrally holds SAP GUI, Web Dynpro and various web content applications. NWBC provides role-based access to these applications.

Remark: SAP GUI is a prerequisite of the NWBC client. You will still require SAP GUI to be installed on the desktop.

Update – Security updates for the browser control Google Chromium delivered with SAP Business Client (2622660): This security note addresses multiple vulnerabilities in the third-party web browser control Chromium, which can be used within SAP Business Client. This note will be modified periodically based on web browser updates by the open-source project Chromium. The note priority is based on the highest CVSS score of all the vulnerabilities fixed in the latest browser release. If the SAP Business Client release is not updated to the latest patch level, displaying web pages in SAP Business Client via this open-source browser control might lead to different vulnerabilities like memory corruption, information disclosure and the like. The solution is to update SAP Business Client to the newest patch, which contains the most current stable major release of the Chromium browser control that passed the SAP internal quality measurements for SAP Business Client. CVSS v3 Base Score: 10 / 10 (multiple CVEs).

Technical articles: SAP Security Patch Day (February 2023). For details, please refer to the url link – https://blogs.sap.com/2023/02/14/sap-security-patch-day-february/

CVE-2023-20927 About Android “AndroidManifest[.]xml” (15th Feb 2023)

Preface: When an Android application needs to access sensitive resources on the device, a design weakness in how that access is granted can lead to a vulnerability.

Background: Usually, if we want to add some user permissions, we write the following code in the AndroidManifest[.]xml file:

The Android system grants these permissions at installation time, but there is one condition: the app that is asking for the permission must be signed with the same signature as the app that defines the required permission.

Following are some of the Signature permissions:
1. BIND_ACCESSIBILITY_SERVICE
2. BIND_AUTOFILL_SERVICE
3. BIND_CARRIER_SERVICE
4. BIND_DEVICE_ADMIN
5. BIND_INPUT_METHOD
6. BIND_NFC_SERVICE
7. BIND_TV_INPUT
8. BIND_WALLPAPER
9. READ_VOICEMAIL
10. WRITE_SETTINGS
11. WRITE_VOICEMAIL

Vulnerability details: In permissions of AndroidManifest[.]xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
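An added example (my own code, not Android’s and not from the original post) for the signature-permission rule described above: it parses a constructed AndroidManifest.xml, lists the permissions the app defines with their protectionLevel, and models the install-time grant decision; definerCert and requesterCert are assumed names standing for the two apps’ signing certificates.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// sampleManifest is a constructed manifest for this example, not a real app.
const sampleManifest = `<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.provider">
  <permission android:name="com.example.provider.ACCESS_VAULT" android:protectionLevel="signature"/>
  <permission android:name="com.example.provider.SHOW_BADGE" android:protectionLevel="normal"/>
</manifest>`
type PermissionDecl struct {
	Name, ProtectionLevel string
}

// ParsePermissions extracts <permission> declarations; attributes are matched by local name, so the android: prefix does not matter.
func ParsePermissions(manifest string) ([]PermissionDecl, error) {
	var doc struct {
		Permissions []struct {
			Attrs []xml.Attr `xml:",any,attr"`
		} `xml:"permission"`
	}
	if err := xml.Unmarshal([]byte(manifest), &doc); err != nil {
		return nil, err
	}
	var out []PermissionDecl
	for _, p := range doc.Permissions {
		d := PermissionDecl{ProtectionLevel: "normal"} // Android's default when omitted
		for _, a := range p.Attrs {
			switch a.Name.Local {
			case "name":
				d.Name = a.Value
			case "protectionLevel":
				d.ProtectionLevel = a.Value
			}
		}
		out = append(out, d)
	}
	return out, nil
}

// GrantAtInstall models the install-time rule: "signature" needs the same signing certificate as the
// defining app, "normal" is granted to any app, anything else needs an explicit runtime grant.
func GrantAtInstall(p PermissionDecl, definerCert, requesterCert string) bool {
	switch p.ProtectionLevel {
	case "signature":
		return definerCert != "" && definerCert == requesterCert
	case "normal":
		return true
	}
	return false
}

func main() {
	perms, _ := ParsePermissions(sampleManifest)
	for _, p := range perms { // "sha256:AAA" / "sha256:BBB" are constructed fingerprints
		fmt.Printf("%-36s %-10s same-signer:%t other-signer:%t\n", p.Name, p.ProtectionLevel, GrantAtInstall(p, "sha256:AAA", "sha256:AAA"), GrantAtInstall(p, "sha256:AAA", "sha256:BBB"))
	}
}
```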

Official announcement: For details, see the link – https://nvd.nist.gov/vuln/detail/CVE-2023-20927

CVE-2023-21808 – Patched MS zero-day vulnerability (14th Feb 2023)

Preface: .NET is a free, cross-platform, open source developer platform for building many different types of applications. With .NET, you can use multiple languages, editors, and libraries to build web, mobile, desktop, games, IoT, and more.

Background: The demand for .NET will continue to increase as long as new and better technologies are developed.
.NET 6 is an LTS (Long Term Support) release and will be supported with bug and security fixes for 3 years. .NET 7, however, is an STS (Short Term Support) release and will only be supported for 18 months (6 months beyond the release of .NET 8).
.NET 8 will ship during the .NET Conf 2023 event, around Nov. 10.

Internet Information Services (IIS) is the flexible, general-purpose web server provided by Microsoft that runs on Windows.
IIS can be used to host, deploy, and manage web applications using technologies such as ASP.NET and PHP.
A PDB file is created when you compile a C/C++ program with /ZI or /Zi, or a Visual Basic, Visual C#, or JScript program with the /debug option.
You need to configure your build machine to publish your .pdb files into a known directory which is later used in your IIS configuration.
However, when .pdb files are present on the website and an exception occurs, if you have not set the customErrors property in web.config, the stack trace will be displayed with file names and line numbers.

Vulnerability details: A vulnerability exists in how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution.

Solution: For details, see the link – https://devblogs.microsoft.com/dotnet/february-2023-updates/

CVE-2023-0405: Like a newborn. AI in some fields may have design weakness. (14th Feb 2023)

Preface: Today is Valentine’s Day 2023. Are you alone? In the future, artificial intelligence will be with you.

Background: With an AI content writer, all you need to do is enter your desired topic or keyword into the plugin settings, and the AI will immediately generate an article that reads as if it were written by a human. You’ll get unique, engaging stories without having to spend hours typing out paragraphs or researching facts. Plus, you’ll have a consistent style and tone that you can use for all of your content.

Vulnerability details: The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege check before letting logged-in users modify arbitrary posts.
Ref: CWE classifies the issue as CWE-862 (Missing Authorization): the software does not perform an authorization check when an actor attempts to access a resource or perform an action. This impacts integrity and availability.

Solution: Upgrading to version 1.4.38 eliminates this vulnerability.

Official Announcement: For details, see the link – https://wpscan.com/vulnerability/3ca9ac21-2bce-4480-9079-b4045b261273

Before you enjoy it with your AI girlfriend, I wish you a great Valentine’s Day today.

CVE-2022-42292: Nvidia fixed GeForce Experience design weakness (13th Feb 2023)

Preface: This design weakness was released on 30th Jan 2023. However, this vulnerability has been known as CVE-2022-42292 since 10/03/2022, and it has already been fixed.

Background: The GeForce Experience features a host of performance and configuration tweaks for games, automatic driver updates for your GPU, Nvidia Shadowplay for live streaming, integrated game filters (like Instagram filters but for your PC games), and many more powerful options.

Vulnerability details: NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.

Official announcement: For details, see the link – https://nvidia.custhelp.com/app/answers/detail/a_id/5384/kw/cve-2022-42292

My observation:
I speculate that this vulnerability will affect home users rather than business users, since domain user accounts are subject to best-practice Windows access control policies driven by the IT department.

For your reference:
The access permissions of a symbolic link itself are irrelevant. Users are only prevented from operating on a symlink by the permissions of its parent directory and of the target file. Windows 11 doesn’t require administrative privileges to create symbolic links.

Apart from the above concern, it is actually easy to set up access restrictions for a home user. You can do it yourself.

Enable Administrator account on Windows 11 from Command Prompt
1. Open Start on Windows 11.
2. Run “Command Prompt”, right-click the top result, and select the Run as administrator option.
3. Type the following command to enable the Windows 11 Administrator account and press Enter: net user "Administrator" /active:yes

CVE-2023-23625: Certain versions of go-unixfs from IPFS contain a vulnerability (9th Feb 2023)

Preface: AI system infrastructure may never have a mature model; it will keep evolving forever, without end. Perhaps this is true sustainability. Since the key component is the computer, the only thing that slows it down is software or hardware bugs.

Background: Cryptocurrency technology fully utilises the concept of the blockchain. The advantages of cryptocurrency seem easy to misuse, which makes it dangerous; therefore many governments hesitate to get involved, and it fails to meet its original objective. However, the related technology will grow rapidly. Yes, it is IPFS. AI requires large amounts of storage and compute. From a technical point of view, distributed storage is an advantage: since the data is not placed in the same area, it enhances overall reliability and efficiency. AI robots will communicate using 5G and deal with distributed data storage. Machine learning operations and processes can be fully leveraged as this breaks down regional constraints. Perhaps the distributed cloud computing platform is the beginning of a milestone that boosts the world into an artificial intelligence world.

Large deep learning models are often shared by researchers via Google Drive links, which have transfer limits and are not reliably online. IPFS provides a great decentralized solution for hosting data that can be downloaded via regular web links.
go-unixfs belongs to the IPFS implementation in Go. “unixfs” is a tool in the Go Modules Packages category of a tech stack.
A Merkle DAG is a DAG where each node has an identifier that is the result of hashing the node’s contents. go-unixfs implements unix-like filesystem utilities on top of an IPLD merkledag. (A MerkleDAG implementation also exists in Python.)

Vulnerability details: go-unixfs is an implementation of a unix-like filesystem on top of an IPLD merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus `fanout` parameter in the HAMT directory nodes.

Solution: Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.

Official announcement: For details, see the link – https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778
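An added example (a simplified model of my own, not go-unixfs code) of the kind of validation a bogus fanout needs before the decoder trusts it: the fanout must be non-zero, a power of two and bounded before it is used to size the shard’s bitfield and child table or to derive the hash bits consumed per level. maxFanout is an assumed bound for the example, not a value taken from the project.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// maxFanout is an assumed bound for this example, not the project's value.
const maxFanout = 1 << 10
var (
	ErrFanoutZero        = errors.New("hamt: fanout must be > 0")
	ErrFanoutNotPowerOf2 = errors.New("hamt: fanout must be a power of two")
	ErrFanoutTooLarge    = errors.New("hamt: fanout exceeds maximum")
)

// ValidateFanout returns the hash bits consumed per HAMT level (log2(fanout)) or an error.
func ValidateFanout(fanout uint64) (bitsPerLevel int, err error) {
	switch {
	case fanout == 0:
		return 0, ErrFanoutZero
	case fanout&(fanout-1) != 0:
		return 0, ErrFanoutNotPowerOf2
	case fanout > maxFanout:
		return 0, ErrFanoutTooLarge
	}
	return bits.TrailingZeros64(fanout), nil
}

// Shard is a minimal stand-in for a HAMT directory node; fanout sizes both the bitfield and the child table.
type Shard struct {
	Fanout       uint64
	BitsPerLevel int
	Bitfield     []byte
	Children     []*Shard
}

// NewShard validates before allocating, so a malformed node becomes an error, not a panic or a huge allocation.
func NewShard(fanout uint64) (*Shard, error) {
	bpl, err := ValidateFanout(fanout)
	if err != nil {
		return nil, err
	}
	return &Shard{fanout, bpl, make([]byte, (fanout+7)/8), make([]*Shard, fanout)}, nil
}

// ChildIndex selects the child slot for one level; with an unvalidated fanout this mask is where the index goes wrong.
func (s *Shard) ChildIndex(hash uint64, level int) int {
	return int((hash >> uint(level*s.BitsPerLevel)) & (s.Fanout - 1))
}

func main() {
	for _, f := range []uint64{256, 0, 300, 1 << 40} {
		if s, err := NewShard(f); err != nil {
			fmt.Printf("fanout %d rejected: %v\n", f, err)
		} else {
			fmt.Printf("fanout %d ok: %d bits/level, slot for 0x1234 at level 1 = %d\n", f, s.BitsPerLevel, s.ChildIndex(0x1234, 1))
		}
	}
}
```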

CVE-2023-0286: X.400 address type confusion in X.509 GeneralName. What exactly does it mean? (8th Feb 2023)

Preface: What are the benefits of corrective action? Motivation to maintain sustainability.

Background: X.509 describes an approach to providing and managing authentication using asymmetric cryptography, generally referred to as Public Key Infrastructure (PKI).
If X.400 defines its authentication mechanism using X.509 PKI, it enhances end-to-end services for content integrity, message origin authentication and message sequence integrity.

Certificate extensions were introduced in version 3 of the X.509 standard for certificates. These v3 extensions allow certificates to be customized to applications by supporting the addition of arbitrary fields in the certificate.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token).

Vulnerability details: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

My observation: Does the attacker use an exploit method similar to CVE-2020-1971 as an attack?
OpenSSL’s s_server, s_client and verify tools have support for the “-crl_download” option, which implements automatic CRL downloading, and this attack has been demonstrated to work against those mechanisms. The reason is that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL’s parser will accept and hence trigger this attack.

Official announcement: For details, see the links below:

https://nvd.nist.gov/vuln/detail/CVE-2023-0401
https://www.openssl.org/news/secadv/20230207.txt

antihackingonline.com