Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to “Critical” just after it emerged that it could be exploited to obtain remote code execution.
Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was earlier explained as an information disclosure vulnerability in SPNEGO Prolonged Negotiation (NEGOEX) Security System.
SPNEGO, short for Easy and Guarded GSSAPI Negotiation System (SPNEGO), is a scheme that makes it possible for a shopper and distant server to get there at a consensus on the selection of the protocol to be utilised (e.g., Kerberos or NTLM) for authentication.
But a additional investigation of the flaw by IBM Security X-Pressure researcher Valentina Palmiotti observed that it could enable remote execution of arbitrary code, prompting Microsoft to reclassify its severity.
“This vulnerability is a pre-authentication distant code execution vulnerability impacting a large assortment of protocols,” IBM explained this week. “It has the probable to be wormable.”
Specifically, the shortcoming could help remote code execution by way of any Windows application protocol that authenticates, such as HTTP, SMB, and RDP. Specified the criticality of the issue, IBM said it can be withholding specialized particulars until Q2 2023 to give companies enough time to utilize the fixes.
“Successful exploitation of this vulnerability requires an attacker to prepare the goal environment to boost exploit trustworthiness,” Microsoft cautioned in its current advisory.
“In contrast to the vulnerability (CVE-2017-0144) exploited by EternalBlue and used in the WannaCry ransomware attacks, which only influenced the SMB protocol, this vulnerability has a broader scope and could perhaps have an effect on a broader selection of Windows devices owing to a much larger attack surface of companies exposed to the general public internet (HTTP, RDP, SMB) or on inside networks,” IBM mentioned.
Found this write-up attention-grabbing? Stick to us on Twitter and LinkedIn to read through much more distinctive content material we write-up.
Some elements of this article are sourced from: