A critical remote code execution vulnerability has been discovered in the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism).
CVE-2022-37958
The vulnerability, CVE-2022-37958, has been rated as having a CVSS score of 10, the highest possible severity rating. Microsoft had previously patched the original vulnerability associated with this CVE (Information Disclosure/Low) in its September 13, 2022 Monthly Rollup; on December 13, 2022, the severity rating was raised to High.
Although Microsoft rated it “Critical”, the CVSS 3.1 score of 8.1 (High) was assigned because of the complexity of the attack and the fact that multiple attempts may be required.
Recommendation
To protect against this vulnerability, it is important to ensure that all systems that use RDP and SMB are regularly patched and updated. This will help to prevent attackers from exploiting the vulnerability.
In addition, it is important to use strong and unique passwords for RDP and SMB connections, and to regularly change these passwords to prevent unauthorized access.
Organizations should ensure they have applied the Microsoft security patches provided in September 2022. If the patches have not yet been applied, apply them as soon as possible.
If you cannot apply the patch immediately, you should limit Windows authentication to Kerberos or Net-NTLM and remove “Negotiate” from the default option.
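To check whether clients are still sending the Negotiate (SPNEGO) layer rather than plain Kerberos or NTLM, the following added example (not from this advisory or from Microsoft) decodes a SPNEGO NegTokenInit, as carried base64-encoded in an HTTP "Authorization: Negotiate" header or in an SMB/RDP session setup, and lists the mechanisms it offers; the token bytes and the mechanism-name table are constructed for the example.

```python
# Added example (not part of the advisory): decode the SPNEGO NegTokenInit a client
# sends (e.g. base64 in "Authorization: Negotiate ...", or in an SMB/RDP session
# setup) and list the mechanisms offered. Sample bytes below are constructed.
SPNEGO_OID = "1.3.6.1.5.5.2"
KNOWN_MECHS = {"1.2.840.48018.1.2.2": "MS KRB5",
               "1.2.840.113554.1.2.2": "KRB5",
               "1.3.6.1.4.1.311.2.2.10": "NTLMSSP"}

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = length byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """DER OID contents -> dotted string (first byte packs the first two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear: arc complete
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def spnego_mech_types(token):
    """Return the mechTypes OIDs of a GSS-API InitialContextToken wrapping NegTokenInit."""
    tag, body, _ = read_tlv(token, 0)       # 0x60 APPLICATION [0]
    oid_tag, oid, pos = read_tlv(body, 0)   # thisMech OID
    if tag != 0x60 or oid_tag != 0x06 or decode_oid(oid) != SPNEGO_OID:
        raise ValueError("not a SPNEGO (Negotiate) token")
    _, neg_init, _ = read_tlv(body, pos)    # [0] NegTokenInit
    _, seq, _ = read_tlv(neg_init, 0)       # SEQUENCE
    _, mech_list, _ = read_tlv(seq, 0)      # [0] mechTypes
    _, mechs, _ = read_tlv(mech_list, 0)    # SEQUENCE OF OID
    oids, pos = [], 0
    while pos < len(mechs):
        _, oid, pos = read_tlv(mechs, pos)
        oids.append(decode_oid(oid))
    return oids

# Constructed sample: Negotiate token offering MS KRB5 then NTLMSSP.
SAMPLE_TOKEN = bytes.fromhex(
    "602706062b0601050502a01d301ba0193017"
    "06092a864882f712010202060a2b06010401823702020a")

if __name__ == "__main__":
    for o in spnego_mech_types(SAMPLE_TOKEN):
        print(o, KNOWN_MECHS.get(o, "unknown"))
```

Any token that passes the SPNEGO OID check is still using Negotiate; tokens that raise the ValueError are either raw Kerberos/NTLM or not GSS-API at all.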