SPNEGO Extended Negotiation Vulnerability Leaves Systems Vulnerable to Critical Remote Code Execution

In September 2022, Microsoft patched a vulnerability in SPNEGO NEGOEX (CVE-2022-37958) that could have allowed attackers to disclose critical information. However, on December 13, the vulnerability was reclassified as “Critical” by Microsoft after IBM Security X-Force Red discovered that the vulnerability could actually allow attackers to remotely execute code.

Unlike the vulnerability (CVE-2017-0144) that was exploited by EternalBlue and used in the WannaCry ransomware attacks, which only affected the SMB protocol, the current vulnerability has a broader scope and could potentially affect a wider range of Windows systems. This is because it has a larger attack surface of services exposed to the internet (HTTP, RDP, SMB) or on internal networks.

Additionally, SPNEGO vulnerability does not require any user interaction or authentication by a victim on a target system.

The vulnerability exists in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, which allows a client and server to negotiate the choice of security mechanism to use.

This vulnerability is a pre-authentication remote code execution vulnerability that impacts a wide range of protocols and has the potential to be wormable. It could allow attackers to remotely execute arbitrary code by accessing the NEGOEX protocol via any Windows application protocol that authenticates, such as SMB or RDP.

This list of affected protocols could include Simple Message Transport Protocol (SMTP) and Hyper Text Transfer Protocol (HTTP) when SPNEGO authentication negotiation is turned on, among other places where SPNEGO is used, such as for use with Kerberos or Net-NTLM authentication.

Recommendations

Microsoft recommends users and administrators apply the patch immediately to protect against potential attack vectors. The patch, which is part of the September 2022 security updates, affects all Windows 7 and later PCs.

IBM X-Force Red advises users to check whether services, such as SMB and RDP, are exposed to the internet, monitor their attack surface, only use Kerberos or Net-NTLM as Windows authentication providers, and disable “Negotiate” as a default provider if the patch cannot be applied.

As part of IBM’s responsible disclosure strategy, complete technical information won’t be made public until Q2 2023.

Read also: CISA FBI and NSA Issue A Joint Advisory To Mitigate Log4j Vulnerabilities

39 thoughts on “SPNEGO Extended Negotiation Vulnerability Leaves Systems Vulnerable to Critical Remote Code Execution”

  1. Thank you very much for sharing. Your article was very helpful for me to build a paper on gate.io. After reading your article, I think the idea is very good and the creative techniques are also very innovative. However, I have some different opinions, and I will continue to follow your reply.

  2. I may need your help. I’ve been doing research on gate io recently, and I’ve tried a lot of different things. Later, I read your article, and I think your way of writing has given me some innovative ideas, thank you very much.

  3. I may need your help. I’ve been doing research on gate io recently, and I’ve tried a lot of different things. Later, I read your article, and I think your way of writing has given me some innovative ideas, thank you very much.

  4. Reading your article helped me a lot and I agree with you. But I still have some doubts, can you clarify for me? I’ll keep an eye out for your answers.

  5. A powerful share, I simply given this onto a colleague who was doing slightly analysis on this. And he in fact purchased me breakfast because I discovered it for him.. smile. So let me reword that: Thnx for the treat! But yeah Thnkx for spending the time to discuss this, I feel strongly about it and love reading extra on this topic. If potential, as you become expertise, would you thoughts updating your weblog with extra particulars? It is extremely helpful for me. Massive thumb up for this blog submit!

  6. This is the suitable weblog for anybody who desires to find out about this topic. You understand so much its nearly arduous to argue with you (not that I actually would want匟aHa). You definitely put a brand new spin on a subject thats been written about for years. Great stuff, simply great!

  7. An impressive share, I just given this onto a colleague who was doing a bit of analysis on this. And he in truth bought me breakfast as a result of I discovered it for him.. smile. So let me reword that: Thnx for the deal with! However yeah Thnkx for spending the time to discuss this, I feel strongly about it and love reading extra on this topic. If potential, as you change into experience, would you thoughts updating your weblog with extra details? It is extremely useful for me. Huge thumb up for this weblog put up!

  8. There are certainly plenty of particulars like that to take into consideration. That may be a nice point to convey up. I supply the thoughts above as general inspiration but clearly there are questions like the one you carry up where an important thing will be working in honest good faith. I don?t know if greatest practices have emerged round issues like that, however I’m certain that your job is clearly identified as a good game. Both girls and boys really feel the influence of just a second抯 pleasure, for the remainder of their lives.

  9. Oh my goodness! an incredible article dude. Thank you However I am experiencing problem with ur rss . Don抰 know why Unable to subscribe to it. Is there anybody getting an identical rss problem? Anyone who knows kindly respond. Thnkx

  10. There are certainly plenty of particulars like that to take into consideration. That is a great level to carry up. I supply the thoughts above as common inspiration but clearly there are questions like the one you deliver up the place crucial thing will probably be working in trustworthy good faith. I don?t know if best practices have emerged around issues like that, however I’m sure that your job is clearly recognized as a fair game. Both girls and boys feel the affect of only a second抯 pleasure, for the rest of their lives.

  11. I must point out my love for your kind-heartedness giving support to all those that have the need for help on the content. Your special commitment to getting the message throughout came to be amazingly functional and have usually empowered regular people like me to attain their endeavors. Your new useful key points entails a whole lot to me and especially to my colleagues. Regards; from all of us.

  12. I am only commenting to make you know what a really good encounter our princess experienced reading through your blog. She discovered some issues, not to mention how it is like to possess an awesome coaching style to get other individuals clearly know just exactly a number of complex things. You truly surpassed my expected results. Thanks for imparting the warm and friendly, trustworthy, educational and easy tips about this topic to Kate.

  13. Hey! I simply would like to give an enormous thumbs up for the great info you’ve got right here on this post. I will probably be coming back to your weblog for more soon.

  14. My spouse and i have been very relieved that Ervin could complete his web research from your precious recommendations he discovered in your weblog. It’s not at all simplistic to just continually be offering tricks which usually other folks may have been making money from. So we realize we now have the website owner to appreciate for that. Most of the illustrations you have made, the easy website navigation, the relationships you help engender – it’s many astonishing, and it’s aiding our son and our family reason why that subject matter is excellent, which is extremely mandatory. Thank you for the whole thing!

  15. I really wanted to type a remark to appreciate you for all of the remarkable techniques you are giving out on this site. My prolonged internet investigation has now been recognized with incredibly good details to write about with my friends and classmates. I ‘d express that many of us readers actually are quite blessed to live in a superb network with very many outstanding professionals with helpful solutions. I feel rather grateful to have seen the website page and look forward to so many more thrilling times reading here. Thanks a lot once again for everything.

  16. I have to show thanks to you for rescuing me from this setting. As a result of browsing through the the net and getting tricks which are not productive, I thought my life was well over. Existing without the answers to the issues you have resolved by way of your main short post is a crucial case, as well as the ones which could have in a wrong way affected my career if I had not come across your web page. Your personal know-how and kindness in touching the whole lot was valuable. I don’t know what I would have done if I hadn’t encountered such a step like this. I’m able to at this moment look ahead to my future. Thank you so much for your specialized and effective guide. I will not hesitate to suggest your web site to any person who should receive guidance on this problem.

  17. I have to express some appreciation to this writer for rescuing me from such a difficulty. Because of browsing through the world-wide-web and coming across things which were not pleasant, I thought my life was done. Living without the strategies to the problems you’ve fixed by means of your short post is a crucial case, as well as the kind that would have in a wrong way damaged my career if I hadn’t come across your web site. The capability and kindness in maneuvering a lot of stuff was invaluable. I’m not sure what I would’ve done if I hadn’t discovered such a step like this. I can also at this time relish my future. Thanks so much for your skilled and amazing guide. I won’t think twice to endorse your web page to any person who ought to have support on this topic.

  18. I wanted to compose a simple message so as to appreciate you for those fantastic instructions you are placing at this site. My long internet investigation has finally been paid with useful information to go over with my good friends. I ‘d say that most of us visitors actually are quite lucky to live in a magnificent network with many special people with great ideas. I feel quite lucky to have encountered the site and look forward to some more enjoyable times reading here. Thanks a lot once again for a lot of things.

  19. I precisely wished to say thanks again. I’m not certain the things I might have sorted out without the entire tactics shared by you over such a industry. It was a distressing concern in my opinion, nevertheless seeing the well-written mode you treated that took me to jump for delight. I am just grateful for this information as well as expect you comprehend what a great job you happen to be putting in training the others thru your blog. Most probably you haven’t come across all of us.

  20. I and my pals came digesting the best solutions on your website and suddenly I had a terrible suspicion I never expressed respect to the blog owner for those strategies. Most of the people are actually totally joyful to learn them and have in effect unquestionably been using these things. Many thanks for really being so helpful as well as for opting for varieties of amazing ideas most people are really needing to learn about. My personal honest apologies for not expressing gratitude to sooner.

  21. https://damiennjbv50504.slypage.com/718495/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/blogger.com/comment.g?blogID=6015711327272140942&postID=2327959776694550906&page=1&token=1685950074022

Comments are closed.

Scroll to Top