[aklug] Windows SPNEGO vuln CVE-2022-37958 reclassified as Critical (RCE)
Royce Williams
royce at tycho.org
Thu Dec 15 06:32:02 AKST 2022
https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html
Now reclassified as Critical because of newly confirmed proof of remote
code execution (RCE). Has been described as wormable. Windows 7 family
(workstation class and server class OSes) and up affected. SPNEGO is used
by SMB, RDP, and HTTP (and therefore, IIS). Covered by this week's Patch
Tuesday patches.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958
--
Royce
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aklug.org/pipermail/aklug/attachments/20221215/1135cebe/attachment.htm>
More information about the aklug
mailing list