CVE-2022-37958 — Resource Exposure in Microsoft Windows 10 Version 1507

CWE-668 — Resource Exposure10 documents7 sources

Severity

8.1HIGHNVD

EPSS

10.6%

top 6.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +15 more

Timeline

PublishedSep 13

Latest updateJan 12

Description

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages18 packages

▶CVEListV5microsoft/windows_76.1.0 — 6.1.7601.26115

▶CVEListV5microsoft/windows_8.16.3.0 — 6.3.9600.20571

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.23865

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.5356

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.3406

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2026-01-12

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2026-01-06

▶

OSV

linux-oracle-5.4 vulnerabilities↗2025-12-19

▶

OSV

linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities↗2025-12-11

▶

GHSA

GHSA-w9jc-m3x9-g758: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability↗2022-09-14

▶

📋Vendor Advisories

Microsoft

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability↗2022-09-13

▶

🕵️Threat Intelligence

Schneier

Critical Microsoft Code-Execution Vulnerability - Schneier on Security↗2022-12-01

▶