• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
microsoft reclassifies spnego extended negotiation security vulnerability as critical rce

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as Critical RCE

You are here: Home / General Cyber Security News / Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as Critical RCE
December 15, 2022

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to “Critical” just after it emerged that it could be exploited to obtain remote code execution.

Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was earlier explained as an information disclosure vulnerability in SPNEGO Prolonged Negotiation (NEGOEX) Security System.

SPNEGO, short for Easy and Guarded GSSAPI Negotiation System (SPNEGO), is a scheme that makes it possible for a shopper and distant server to get there at a consensus on the selection of the protocol to be utilised (e.g., Kerberos or NTLM) for authentication.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CyberSecurity

But a additional investigation of the flaw by IBM Security X-Pressure researcher Valentina Palmiotti observed that it could enable remote execution of arbitrary code, prompting Microsoft to reclassify its severity.

“This vulnerability is a pre-authentication distant code execution vulnerability impacting a large assortment of protocols,” IBM explained this week. “It has the probable to be wormable.”

Specifically, the shortcoming could help remote code execution by way of any Windows application protocol that authenticates, such as HTTP, SMB, and RDP. Specified the criticality of the issue, IBM said it can be withholding specialized particulars until Q2 2023 to give companies enough time to utilize the fixes.

“Successful exploitation of this vulnerability requires an attacker to prepare the goal environment to boost exploit trustworthiness,” Microsoft cautioned in its current advisory.

“In contrast to the vulnerability (CVE-2017-0144) exploited by EternalBlue and used in the WannaCry ransomware attacks, which only influenced the SMB protocol, this vulnerability has a broader scope and could perhaps have an effect on a broader selection of Windows devices owing to a much larger attack surface of companies exposed to the general public internet (HTTP, RDP, SMB) or on inside networks,” IBM mentioned.

Found this write-up attention-grabbing? Stick to us on Twitter  and LinkedIn to read through much more distinctive content material we write-up.


Some elements of this article are sourced from:
thehackernews.com

Previous Post: «us begins seizure of 48 ddos for hire services following global investigation US begins seizure of 48 DDoS-for-hire services following global investigation
Next Post: Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities researchers uncover mirrorface cyber attacks targeting japanese political entities»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.