CVE-2022-37958: Microsoft Elevates Severity of SPNEGO...

CVE-2022-37958: Microsoft Elevates Severity of SPNEGO NEGOEX Vulnerability

On December 13, as part of its December 2022 Patch Tuesday release, Microsoft updated an advisory for CVE-2022-37958, a vulnerability in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism that was patched in September.

In its update, Microsoft elevated the severity, impact and CVSSv3 score for CVE-2022-37958:

Severity: High to Critical
Impact: Information Disclosure to Remote Code Execution
CVSSv3 Score: 7.5 to 8.1

For more information about the vulnerability, including Tenable product coverage, please visit our FAQ blog post for CVE-2022-37958.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

CVE-2022-37958: Microsoft Elevates Severity of SPNEGO...

Recent Discussions

Investigating: Cl0p Reportedly Breached Oracle E-Business Suite (EBS) Systems

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

Americas

Europe

Asia / Australia