[#Vuln] [#SPENGO] [#PatchNow] Back in September 2022 a critical Microsoft vulnerability in the SPNEGO Extended Negotiation (#NEGOEX) Security Mechanism was disclosed.

Most recently, IBM X-Force Security Researcher, Valentina Palmiotti (@chompie), discovered that exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.

Due to that discovery, Microsoft has now classified this vulnerability as “Critical.” Test and patch ASAP. Original CVE: CVE-2022-37958 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958