Windows SPNEGO vuln CVE-2022-37958 reclassified as Critical (RCE)

Royce Williams

Now reclassified as Critical because of newly confirmed proof of remote code execution (RCE). Has been described as wormable. Windows 7 family (workstation class and server class OSes) and up affected. SPNEGO is used by SMB, RDP, and HTTP (and therefore, IIS). Covered by this week's Patch Tuesday patches.