Security vulnerability in Microsoft systems

Kritische_Sicherheitslücke

Critical security vulnerability: Intrusion of malicious code into Microsoft systems possible

CVE ID: CVE-2022-37958

CVSS Base Score: 8.1/10

General

Back in September of this year, a Microsoft security vulnerability with a CVSS Base Score of 6.8/10 was published. Specifically, it involved a supposedly low-risk vulnerability in the security mechanism called SPNEGO Extended Negotiation (NEGOEX). This mechanism is used to negotiate the ideal authentication protocol to be used between client and server. Basically, it is used for many Microsoft application protocols.

The following list gives an overview of the best-known protocols that can use SPNEGO:

  • Common Internet File System (CIFS) / Server Message Block (SMB)

  • HTTP

  • CredSSP, which is used by RDP

  • Remote Procedure Call Extensions

  • Lightweight Directory Access Protocol

Microsoft has now raised the criticality of the vulnerability to "critical". In principle, this means a base score of 8.1/10. The reason for this is that it was originally assumed that it would only be possible to read out information about this vulnerability. In the meantime, however, it has turned out that attackers can also inject malicious code into the respective system by exploiting the vulnerability. The first POC exploits are already available.

Affected systems

All latest Windows versions are affected. According to Microsoft, Windows versions from Release 7 to 11, as well as Windows Server from 2008 RT2 to 2022 are potential attack targets.

When are you affected?

  • You are using a Windows operating system.

  • You have client or server applications that use SPNEGO.

  • You have not installed the Microsoft patch from September (or later).

Detection of the vulnerability

After the new vulnerability was announced, our knowledge database and scan cluster on the go.lywand.com platform were updated. The vulnerability is identified in the course of lywand's security scans.

Recommendation

Update Windows systems to the latest version. It is particularly important that your latest updates are newer than September 13, 2022.

Link to the patch:
https://support.microsoft.com/en-us/topic/september-13-2022-security-update-kb5017316-0f0e00f9-a27c-496d-81b7-aa3b3bb010bc

Bernhard Schildendorfer

December 22, 2022

Category

Security vulnerability

Might be also interesting

Feature

Whitelabeling

Whitelabeling allows you to customize the Security Audit Platform with your own look and feel. To complete the new feature, we have added another "treat": Read-only Access.

March 21, 2024

Guide

Everything about the NIS2 Directive

Find out everything you need to know about the NIS2 Directive in our article: When did it come into force, which organizations does it affect and what are the specific requirements?

March 8, 2024

Feature

Assessment of IT security

In this article, you will find out why we have introduced probability of occurrence as a new factor in vulnerability risk assessment, and how IT security assessment works in our Security Audit Platform.

February 28, 2024