Sequretek Advisory - Critical Remote Code Execution Vulnerability Found in SPNEGO

In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). Microsoft has now reclassified the vulnerability as “Critical” severity after it was discovered that the vulnerability could allow attackers to remotely execute code.

• In September 2022, Microsoft issued a patch for a vulnerability found in the common Windows protocol SPNEGO NEGOEX.

• At the time, CVE-2022-37958 had a CVSS score of 3.1 and was not considered to be critical.

• However, it was recently discovered that the vulnerability could allow an attacker to remotely execute code, impacting a wide range of Windows systems.

• As a result of this new information, Microsoft has upgraded CVE-2022-37958 to critical and it now has a CVSS score of 8.1.

