A vulnerability in Microsoft's SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, first patched in September, has now been reclassified as “critical” after it was discovered that it could allow attackers to remotely execute code.
The SPNEGO (NEGOEX) Security Mechanism allows clients and servers to negotiate which security mechanism to use. The critical vulnerability allows pre-authentication remote code execution, impacts a wide range of protocols, and has the potential to be wormable. SPNEGO is in play only when both the client and the server have it enabled, but several protocols rely on it. The vulnerability (CVE-2022-37958) is rated critical because only a few attempts may be needed to exploit it successfully.
You could be exploitable if your system runs Windows 7 or newer, you have client applications and server software running SPNEGO with the NEGOEX mechanism enabled, and you DO NOT have the September or later Microsoft patch installed.
The recommendation is to apply the Microsoft updates released on September 13 or later immediately, and to continually monitor your attack surface. If you are unable to apply the latest Microsoft patch, limit Windows authentication providers to Kerberos or Net-NTLM and remove “Negotiate” as a default provider.
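The two conditions above (is a September 13 or later update present, and is “Negotiate” still offered as an authentication provider) can be checked from an elevated PowerShell prompt. The script below is an added, read-only example and is not from the SecuLore post or Microsoft's guidance; it assumes IIS is the server software being checked, that the WebAdministration module is available where IIS is installed, and that the September 13 date from the post is the patch cutoff. IIS names the Net-NTLM provider “NTLM”.

```powershell
# Added example (not from the original post): report the two conditions the
# advisory lists. Read-only; it changes no configuration.

$PatchCutoff = [datetime]'2022-09-13'   # September Patch Tuesday named in the post

# 1. Any update installed on or after the cutoff? Get-HotFix lists Windows
#    Update packages but not every component update, so an empty result means
#    "verify in Windows Update history", not "definitely unpatched".
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchCutoff } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    Write-Output "Updates installed on/after $($PatchCutoff.ToShortDateString()):"
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
} else {
    Write-Warning "No update dated $($PatchCutoff.ToShortDateString()) or later found; apply the current cumulative update."
}

# 2. If IIS is installed, list the Windows Authentication providers each site
#    offers and flag any that still include Negotiate (the interim mitigation
#    is to leave only NTLM or Kerberos). Assumes the WebAdministration module.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $waSection = 'system.webServer/security/authentication/windowsAuthentication'

    foreach ($site in Get-Website) {
        $sitePath  = "IIS:\Sites\$($site.Name)"
        $enabled   = (Get-WebConfigurationProperty -Filter $waSection -Name enabled -PSPath $sitePath).Value
        $providers = (Get-WebConfiguration -Filter "$waSection/providers" -PSPath $sitePath).Collection |
            ForEach-Object { $_.value }

        if (-not $enabled) {
            Write-Output "Site '$($site.Name)': Windows Authentication disabled."
        } elseif ($providers -contains 'Negotiate') {
            Write-Warning "Site '$($site.Name)' still offers Negotiate (providers: $($providers -join ', '))."
        } else {
            Write-Output "Site '$($site.Name)' providers: $($providers -join ', ')"
        }
    }
} else {
    Write-Output 'IIS WebAdministration module not present; skipping provider check.'
}
```

Run it on each host that serves Windows Authentication; a warning in the first section means patching is the priority, and a warning in the second identifies the sites whose provider list would need to be trimmed if the patch cannot be applied yet.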
The FCC recommends all organizations have a vulnerability risk assessment completed every 90 days. SecuLore’s™ CyberBenchmark fulfills policy requirements and helps you understand where your network is vulnerable, as well as providing actionable remediation recommendations to help protect your network.
SecuLore™ OverWatch provides continuous network monitoring through our patented Paladin™ technology to detect vulnerabilities in your network and identify anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of Certified Ethical Hackers (CEH).
SecuLore Support Team