In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). Microsoft has now reclassified the vulnerability as “Critical” severity after it was discovered that the vulnerability could allow attackers to remotely execute code.
• In September 2022, Microsoft issued a patch for a vulnerability found in the common Windows protocol SPNEGO NEGOEX.
• At the time, CVE-2022-37958 had a CVSS score of 3.1 and was not considered to be critical.
• However, it was recently discovered that the vulnerability could allow an attacker to remotely execute code, impacting a wide range of Windows systems.
• As a result of this new information, Microsoft has upgraded CVE-2022-37958 to critical and it now has a CVSS score of 8.1.