Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2022-37958 · SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

No description was published by MSRC.

Severity
Critical
Impact
Remote Code Execution
CVSS
8.1 base · 7.1 temporal
Release
2022-09-13
Signals
Windows SPNEGO Extended Negotiation Remote Code Execution Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
No CWE data published.
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
No description was published by MSRC.
FAQ / Articles
FAQ
What is SPNEGO Extended Negotiation? The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. Please see SPNEGO Overview for more information.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
FAQ
Are the updates for the Microsoft Office for Mac currently available? The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.