Microsoft Reevaluates SPNEGO NEGOEX Vulnerability CVE-2022-37958 as Critical



A critical remote code execution vulnerability has been discovered in SPNEGO Extended Negotiation (NEGOEX), part of the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO).

CVE-2022-37958

The vulnerability, CVE-2022-37958, has been rated as having a CVSS score of 10, the highest possible severity rating. Microsoft had previously patched the original vulnerability associated with this CVE (Information Disclosure/Low) in its September 13, 2022 Monthly Rollup; on December 13, 2022, the severity rating was raised to High.

Although Microsoft rates it “critical”, the CVSS 3.1 score of 8.1 (High) was assigned because of the complexity of the attack and because multiple attempts may be required.

Recommendation

To protect against this vulnerability, it is important to ensure that all systems that use RDP and SMB are regularly patched and updated. This helps prevent attackers from exploiting the vulnerability.

In addition, it is important to use strong and unique passwords for RDP and SMB connections, and to regularly change these passwords to prevent unauthorized access.

Organizations should ensure they have applied the Microsoft security patches released in September 2022; if they have not, they should do so as soon as possible.

If you cannot apply the patch immediately, limit Windows authentication to Kerberos or Net-NTLM and remove “Negotiate” as the default option.


About the Author:

FirstHackersNews - Identifies Security
