Now reclassified as Critical because of newly confirmed proof of remote code execution (RCE). Has been described as wormable. Windows 7 family (workstation class and server class OSes) and up affected. SPNEGO is used by SMB, RDP, and HTTP (and therefore, IIS). Covered by this week's Patch Tuesday patches.