Here we go. #37c3

When your patch management solutions destroys itself and you fix it via Defender for Endpoint Live Response…

Maybe I‘m a bit late to the CVE-2022-37958 party (that SPNEGO thing): Remote Desktop Gateway and especially the RDWeb component configure IIS so that Windows authentication with the Negotiate provider are enabled for some endpoints. Check for example /RDWeb/FeedLogin