Perhaps the Microsoft Windows Codecs Library Remote Code Execution Vulnerability lets an attacker exploit “write4”. 2nd Jul 2020

Preface: Currently, there are no known workarounds or mitigations for these vulnerabilities. Thankfully, Redmond adds that the flaws are not publicly disclosed and that there are no known exploits in the wild. The firm credits Trend Micro’s Zero Day Initiative for privately disclosing the bugs.

Background:
From a security point of view, attackers traditionally bypassed Windows heap protection by reuse methods. However, Microsoft has built heap protection into Windows since the XP SP2 era. As of today, generic heap exploitation approaches are no longer effective; there is no more easy write4. Instead, an attacker has to rely on application-specific techniques, which means controlling the allocator’s algorithm to position data carefully on the heap. A historical method of this kind is multiple write4 combined with the Lookaside list and the FreeList.

Microsoft has released security updates to address vulnerabilities in Windows 10.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1457

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1425

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication (29th Jun 2020)

Preface: SAML implements a secure method of passing user authentications and authorizations between the identity provider and service providers. When a user logs into a SAML enabled application, the service provider requests authorization from the appropriate identity provider.

Design weakness: The design weakness of SAML was neither XML edge cases nor an attacker stealing your signing keys.
SAML was mistakenly allowing your users to log in to apps they should not have been able to access. To prevent this, you should ensure your SAML assertions only work with the right apps, and use unique signing keys for each app or service provider.
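One way a service provider can enforce the first point, checking that an assertion was actually minted for this app (AudienceRestriction) and is still within its validity window. This is an added example, not PAN-OS code or code from Palo Alto; the assertion, issuer and entity IDs are constructed, and XML signature verification with the per-SP key is assumed to happen before this check.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from any real IdP). The signature is assumed to have
# been verified already with the key unique to this service provider.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2020-06-29T10:00:00Z" NotOnOrAfter="2020-06-29T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://hr-app.example.test/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, my_entity_id, now):
    """Return (ok, reason). Rejects assertions minted for another app or used outside
    their validity window, so a token for app A cannot be replayed against app B."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        return False, "unexpected issuer %r" % issuer
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        return False, "missing validity window"
    if not (_parse_ts(nb) <= now < _parse_ts(noa)):
        return False, "assertion outside validity window"
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if not audiences:
        return False, "no AudienceRestriction: assertion would be accepted by any app"
    if my_entity_id not in audiences:
        return False, "assertion issued for %s, not this service provider" % ", ".join(audiences)
    return True, "ok"
```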

Palo Alto Releases Security Updates for PAN-OS: Authentication Bypass – for details refer to the following link. https://security.paloaltonetworks.com/CVE-2020-2021

If so, how can the risk be avoided? Schneider Electric T300 design weakness (30th Jun 2020)

Preface: Dedicated to a specific industry, the so-called operational technology (OT) sector.

Details: Schneider Electric has announced to the public that their Easergy T300 has a design weakness. When you go through the document (see the URL below), it officially informs you that you have to trust your source and make use of your firewall or VPN to enforce protection. Perhaps you might ask why the vendor doesn’t issue a firmware upgrade. Yes, my idea is that this is one of the differences between information technology and operational technology. The reasoning behind my idea is not written here because this post is only a short message. In short, the official recommendation should be taken. Additionally, in order to avoid malware infection, it is better to enhance the DNS lookup function. As of today, a clean DNS service is not expensive and is easy to implement: the admin only has to modify the workstation and server DNS IP addresses. My comment is that this is a cost-effective solution to avoid malware infection because it increases the difficulty for Mr. Malware to contact its C&C server.

https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2020-161-04_Easergy_T300_Security_Notification.pdf&p_Doc_Ref=SEVD-2020-161-04

Apache Releases Security Advisory for Apache Tomcat (26th Jun 2020)

Preface: As of June 2020, Apache is used by 37.7% of all the websites.

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M5
Apache Tomcat 9.0.0.M1 to 9.0.35
Apache Tomcat 8.5.0 to 8.5.55

Impact: An attacker could exploit this vulnerability to cause a denial-of-service condition.

Background: HTTP/2 uses header compression, which requires a stricter commitment of resources compared to HTTP/1.1. The attack vectors for the vulnerabilities discovered in HTTP/2 follow a certain pattern: the main goal is to set up a queue of responses that exhausts the resources on a server.

Official announcement: The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 – http://mail-archives.us.apache.org/mod_mbox/www-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E

VMware issued a remedy for the EHCI and xHCI controllers. It lets us know more about the impact of USB. (25th Jun 2020)

Preface: If you don’t use the VMware 3D graphics feature, perhaps this week’s vendor remedy for the 3D feature will not be your focus. But how about the USB feature?

Background: To enable PCI devices to interrupt the CPU, all PCI devices on the PCI bus are assigned an IRQ number. The VMkernel uses discovery and interrupt rerouting mechanisms provided by the BIOS to assign these IRQ numbers. In certain cases due to hardware design, however, two or more devices might be tied to the same interrupt controller pin.

Impact: A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine’s vmx process, leading to a denial of service condition, or execute code on the hypervisor from a virtual machine.

Concept: Refer to attached diagram

Remedy: Official announcement – https://www.vmware.com/security/advisories/VMSA-2020-0015.html

Magento users stay alert – 24th Jun 2020

Background: Magento is an e-commerce platform written in PHP atop the zend-framework, available under both open-source and commercial licenses. It is written in an advanced object-oriented idiom that uses the MVC pattern and XML configuration files, aiming for flexibility and extensibility.

Vulnerabilities announced this week – Hints
The vendor has the right to retain vulnerability details and not disclose them to the public. Therefore we only have the information below.

PHP Object Injection – Arbitrary code execution (Critical) – CVE-2020-9663

Stores cross-site scripting – Sensitive information disclosure (Important) – CVE-2020-9665

Please refer to attached diagram. Perhaps it will let you find out the root causes.

Official announcement: https://helpx.adobe.com/security/products/magento/apsb20-41.html

Australia (ACSC) urges local citizens to be vigilant against cyber attacks. The so-called copy-paste compromises – 18th June 2020

Preface: Australia’s government and institutions are being targeted by ongoing sophisticated state-based cyber hacks, Prime Minister Scott Morrison says. Mr Morrison did not name specific cases but said it had spanned “government, industry, political organizations, education, health, essential service providers and operators of other critical infrastructure”. 19th June 2020

Technical details: Long story short, the nickname of this attack is ‘Copy-Paste Compromises’. It is derived from the attacker’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source. For more details, please refer to the link below to download the report.

https://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf

Attack highlights: Web shells are difficult to detect as they are easily modified by attackers and often employ encryption, encoding, and obfuscation. When a potential web shell is detected, administrators should validate the file’s origin and authenticity.

Recommendation: In normal circumstances, with a firewall lockdown rule (deny any source to any destination), it is hard to do the analysis by eyeball. But this attack vector is aimed at Australia. In order to avoid a cyber attack on your firm, firewall administrators should check their SIEM to see whether it can find the hints. If no such facility is installed, perhaps export the web server log and see whether you can find details of the attack activities.
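The web server log triage suggested above, as an added example (not from the ACSC report): the script picks out server-side script paths that are not in the application’s known inventory and that receive repeated POST requests, which is the traffic shape web shell command channels leave behind. The log lines, the IP addresses and the `KNOWN_SCRIPTS` inventory are constructed for the example.

```python
import re
from collections import Counter

# Constructed Apache-style access log lines (not from any real server or the ACSC report).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jun/2020:10:01:02 +1000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Jun/2020:10:01:05 +1000] "GET /images/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jun/2020:10:02:10 +1000] "POST /uploads/cache_x.php HTTP/1.1" 200 96 "-" "python-requests/2.23"
198.51.100.7 - - [15/Jun/2020:10:02:11 +1000] "POST /uploads/cache_x.php?cmd=1 HTTP/1.1" 200 2201 "-" "python-requests/2.23"
198.51.100.7 - - [15/Jun/2020:10:02:13 +1000] "POST /uploads/cache_x.php HTTP/1.1" 200 3104 "-" "python-requests/2.23"
203.0.113.9 - - [15/Jun/2020:10:03:00 +1000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"'
)

# Script paths the application legitimately exposes (assumed inventory; build it from
# the deployed code base, not from the log itself).
KNOWN_SCRIPTS = {"/index.php", "/login.php"}
SCRIPT_EXT = re.compile(r"\.(php|jsp|jspx|aspx?|ashx|cfm)$", re.IGNORECASE)

def find_webshell_candidates(log_text, known_scripts=KNOWN_SCRIPTS, min_posts=2):
    """Return {path: {"ips": set, "posts": n, "agents": Counter}} for server-side scripts
    outside the inventory that receive at least min_posts POST requests."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: keep for manual review, skip here
        path = m.group("path").split("?", 1)[0]
        if m.group("method") != "POST" or not SCRIPT_EXT.search(path) or path in known_scripts:
            continue
        entry = hits.setdefault(path, {"ips": set(), "posts": 0, "agents": Counter()})
        entry["ips"].add(m.group("ip"))
        entry["posts"] += 1
        entry["agents"][m.group("ua")] += 1
    return {p: e for p, e in hits.items() if e["posts"] >= min_posts}
```

Every flagged path still needs the origin and authenticity check from the attack highlights above; the log only tells you where to look.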

Win 10 Spatial Data Service Elevation of Privilege vulnerability – 17th Jun 2020

Preface: In July 2019, a vulnerability was found in the Windows Spatial Data Service that could allow file deletion in arbitrary locations on a Windows system. The official announcement this week states that the Windows Spatial Data Service improperly handles objects in memory, causing an elevation of privilege vulnerability.

Background: The Spatial Data Service is running as NT AUTHORITY\LocalService in a shared process of svchost[.]exe.
This service is used for Spatial Perception scenarios. This service exists in Windows 10 only.

Vulnerability details: If a number is higher or lower than a range of values or there are too many characters in a text entry, a boundary error occurs. The vulnerability exists due to a boundary error when the Windows Spatial Data Service improperly handles objects in memory. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system.

Official remedy solution – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1441

US Homeland security urge public alert on “Ripple20” Vulnerabilities (16th June 2020)

Preface: Baxter US, Caterpillar, Digi International, Hewlett Packard Enterprise, Intel, Rockwell Automation, Schneider Electric and Treck are impacted by this vulnerability.
There are more vendors whose actual status is not yet known.

Vulnerability details:
An attacker from outside the network can take control of a device within the network if it is internet facing. There are more ways to exploit this vulnerability; please refer to the link below for reference.

Root causes: The attacker exploits the flexibility of the IP protocol, that is, incoming IPv4 fragments over an IP-in-IP tunnel. As we know, IPv4 was designed earlier than Internet services. At that period of time the most serious incident was merely a virus infection of a local machine, and machine-to-machine communication made use of serial cables or Novell networks. In short, it was a simple architecture. But attackers can exploit this design weakness to carry out cyber attacks on the digital world.

Remedy: You can follow the cert.org recommendation to install an IDS (refer to the URL below), or refer to the attached diagram for a quick and dirty solution.
https://kb.cert.org/vuls/id/257161
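The IDS-style check the root cause and remedy above call for, as an added example (not from cert.org or any vendor): it parses an outer IPv4 header, and when the payload is another IPv4 packet (IP-in-IP, protocol 4) it flags an inner packet that is fragmented (MF set or non-zero fragment offset) or truncated. The packets are constructed inline; header checksums are left zero because the check does not need them.

```python
import struct

IPPROTO_IPIP = 4   # IP-in-IP encapsulation

def parse_ipv4(buf):
    """Parse a minimal IPv4 header; return a dict or None if the header is malformed."""
    if len(buf) < 20:
        return None
    ver_ihl, _tos, _total, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", buf[:20])
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    return {"ihl": ihl, "proto": proto, "ident": ident,
            "mf": bool(flags_frag & 0x2000), "frag_off": flags_frag & 0x1FFF,
            "payload": buf[ihl:]}

def is_fragment(h):
    return h["mf"] or h["frag_off"] != 0

def flag_tunneled_fragment(pkt):
    """Return a reason string if pkt is an IP-in-IP packet carrying an IPv4 fragment
    (or an unparseable inner header); None for traffic this rule does not care about."""
    outer = parse_ipv4(pkt)
    if outer is None or outer["proto"] != IPPROTO_IPIP:
        return None
    inner = parse_ipv4(outer["payload"])
    if inner is None:
        return "ip-in-ip with truncated or invalid inner header"
    if is_fragment(inner):
        return "ipv4 fragment inside ip-in-ip tunnel (mf=%s, off=%d)" % (inner["mf"], inner["frag_off"])
    return None

def build_ipv4(proto, payload, mf=False, frag_off=0):
    """Constructed IPv4 packet for testing (fixed addresses, zero checksum)."""
    flags_frag = (0x2000 if mf else 0) | (frag_off & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                      64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload
```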

Intel’s new processors embed an anti-malware feature – 15th June 2020

Preface: Starting with Oracle 11g release 1 (11.1), there is a just-in-time (JIT) compiler for the Oracle JVM environment. A JIT compiler for Oracle JVM enables much faster execution because it manages the invalidation, recompilation, and storage of code without an external mechanism.

Background: One way to prevent attack code from executing from the stack and heap is to mark the stack and heap as non-executable. However, some apps need an executable heap (for instance a JIT compiler), and this protection does not defend against ‘Return-Oriented Programming’ exploits.

What is the ROP exploit technique: Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

New Intel processors implement a new preventive architecture: the new Tiger Lake processors provide two new key capabilities to help guard against control-flow hijacking malware: Shadow Stack (SS) and Indirect Branch Tracking (IBT). For more details, please see the following link – https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
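A practical check a defender will want once CET hardware arrives: whether a given binary actually declares Shadow Stack and IBT support. On Linux, toolchains record this in the ELF `.note.gnu.property` section (the same data `readelf -n` prints as "x86 feature: IBT, SHSTK"), and the loader only enables the protections for binaries that declare them. This is an added example, not Intel’s code; it assumes the raw section bytes have already been extracted, and the note it builds for testing is constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_IBT = 0x1     # indirect branch tracking
FEATURE_1_SHSTK = 0x2   # shadow stack

def cet_features(note_section, elf64=True):
    """Scan raw .note.gnu.property bytes and return the CET features the binary declares,
    a subset of {'IBT', 'SHSTK'}. An empty set means it was not built with CET enabled."""
    align = 8 if elf64 else 4
    off, found = 0, set()
    while off + 12 <= len(note_section):
        namesz, descsz, ntype = struct.unpack_from("<III", note_section, off)
        off += 12
        name = note_section[off:off + namesz]
        off += (namesz + 3) & ~3                      # note names are 4-byte padded
        desc = note_section[off:off + descsz]
        off += (descsz + align - 1) & ~(align - 1)    # descriptor padded to 8 on ELF64
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue
        p = 0
        while p + 8 <= len(desc):                     # iterate the property entries
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            p += 8
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                bits = struct.unpack_from("<I", desc, p)[0]
                if bits & FEATURE_1_IBT:
                    found.add("IBT")
                if bits & FEATURE_1_SHSTK:
                    found.add("SHSTK")
            p += (pr_datasz + align - 1) & ~(align - 1)
    return found

def build_property_note(bits, elf64=True):
    """Construct a .note.gnu.property blob like a CET-aware toolchain emits (test data only)."""
    align = 8 if elf64 else 4
    data = struct.pack("<I", bits)
    data += b"\0" * ((-len(data)) % align)
    desc = struct.pack("<II", GNU_PROPERTY_X86_FEATURE_1_AND, 4) + data
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc
```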

antihackingonline.com