From royce at tycho.org  Thu Dec 15 06:32:02 2022
From: royce at tycho.org (Royce Williams)
Date: Thu, 15 Dec 2022 06:32:02 -0900
Subject: [aklug] Windows SPNEGO vuln CVE-2022-37958 reclassified as Critical
 (RCE)
Message-ID: <CA+E3k90AbbHjpf90DzbFZPdgdTZ+yDOWctg7_Rjof3QNZ1Qfag@mail.gmail.com>

https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html

Now reclassified as Critical because of newly confirmed proof of remote
code execution (RCE). Has been described as wormable. Windows 7 family
(workstation class and server class OSes) and up affected. SPNEGO is used
by SMB, RDP, and HTTP (and therefore, IIS). Covered by this week's Patch
Tuesday patches.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958

-- 
Royce
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aklug.org/pipermail/aklug/attachments/20221215/1135cebe/attachment.htm>