Microsoft reclassifies a Windows vulnerability after an IBM researcher demonstrates remote code execution


After an IBM security researcher demonstrated that a Windows vulnerability could be exploited for remote code execution, Microsoft reclassified the flaw.

The CVE-2022-37958 vulnerability in the SPNEGO Extended Negotiation (NEGOEX) security mechanism, which is used by clients and servers to negotiate the authentication protocol, was patched in September, according to a statement from Microsoft. The problem, which seemed to result in information disclosure, was reported to Microsoft by an anonymous researcher. The tech behemoth rated it as “important.”

However, Microsoft also made an announcement regarding an update to the CVE-2022-37958 advisory when it published its December 2022 Patch Tuesday updates.

Read More:

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.