Marc Jan 2, 2023
Sean Whalen πŸ‘¨πŸΌβ€πŸ¦ΌπŸ³οΈβ€πŸŒˆπŸ‡ΊπŸ‡¦πŸ•ŠοΈ

Oh goodie, there's a new #Windows #vulnerability (CVE-2022-37958) that can remotely execute code without any authentication, like #EternalBlue (CVE-2017-0144), but more flexible. Fortunately, #Micosoft patched this in September 2022 after #IBM #XForce reported it to them. #IBM will release the full technical details in Q2 2023.

https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/

#cybersecurity #infosec #exploit

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

A vulnerability in SPNEGO NEGOEX has been reclassified as "Critical" after it was discovered that it could allow attackers to remotely execute code.

Security Intelligence
Jan 2, 2023 at 11:20pmWeb
Show threadfuomag9Jan 2, 2023
@seanthegeek for a second I thought there was a "new new" one but I'm glad it's "old"