Cybersecurity Announcement: Pre-authenticated RCE Vulnerability in Microsoft Windows SPNEGO Extended Negotiation Security Mechanism

About the Event

Microsoft has recently revised the severity for SPNEGO Extended Negotiation security mechanism (NEGOEX) vulnerability to critical from its previous High severity from the September 2022 patch release. The vulnerability is being tracked as CVE-2022-37958.

Actions to Consider

Microsoft has a patch available for fixing the vulnerability. It is recommended by Microsoft, the researcher and Cybersecurity to install the Microsoft patch as soon as possible.

Event Impact

Security researchers recently found and notified Microsoft of the vulnerability impact being pre-authenticated remote code executable. This differs from the previously understood status of the threat requiring the attacker to prepare the target environment. The vulnerability can allow attackers to use it against any Windows application that authenticates by default. This will include Windows protocols HTTP, SMB and Remote Desktop. It has the potential to be worm-able and can be exploited to achieve remote code execution.

References the links to the KB patches)