Microsoft Now Says SPNEGO Extended Negotiation Security Vulnerability (CVE-2022-37958) is Critical
Updated on 2022-12-15: CVE-2022-37958 Valentina Palmiotti, a security researcher at IBM’s X-Force Red, has released more details about CVE-2022-37958, a vulnerability in the Windows SPNEGO protocol that Microsoft patched back in September. A video demonstration of the bug is here. The tl;dr here is below. Long story short, it’s really bad! “The vulnerability is in …
