Microsoft Reclassifies SPNEGO Prolonged Negotiation Safety Vulnerability as ‘Crucial’

Deal Score0
Deal Score0

Dec 15, 2022Ravie LakshmananHome windows Safety / Community Safety

Microsoft has revised the severity of a safety vulnerability it initially patched in September 2022, upgrading it to “Crucial” after it emerged that it may very well be exploited to attain distant code execution.

Tracked as CVE-2022-37958 (CVSS rating: 8.1), the flaw was beforehand described as an information disclosure vulnerability in SPNEGO Prolonged Negotiation (NEGOEX) Safety Mechanism.

SPNEGO, brief for Easy and Protected GSSAPI Negotiation Mechanism (SPNEGO), is a scheme that enables a shopper and distant server to reach at a consensus on the selection of the protocol for use (e.g., Kerberos or NTLM) for authentication.


However a further analysis of the flaw by IBM Safety X-Power researcher Valentina Palmiotti discovered that it might enable distant execution of arbitrary code, prompting Microsoft to reclassify its severity.

“This vulnerability is a pre-authentication distant code execution vulnerability impacting a variety of protocols,” IBM said this week. “It has the potential to be wormable.”

Specifically, the shortcoming might allow distant code execution through any Home windows utility protocol that authenticates, together with HTTP, SMB, and RDP. Given the criticality of the problem, IBM stated it is withholding technical particulars till Q2 2023 to present organizations sufficient time to use the fixes.

“Profitable exploitation of this vulnerability requires an attacker to arrange the goal surroundings to enhance exploit reliability,” Microsoft cautioned in its up to date advisory.

“Not like the vulnerability (CVE-2017-0144) exploited by EternalBlue and used within the WannaCry ransomware assaults, which solely affected the SMB protocol, this vulnerability has a broader scope and will doubtlessly have an effect on a wider vary of Home windows methods resulting from a bigger assault floor of providers uncovered to the general public web (HTTP, RDP, SMB) or on inside networks,” IBM famous.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.

We will be happy to hear your thoughts

Leave a reply
Enable registration in settings - general