On September 22, 2020, Microsoft released a security update for Windows Server 2003 Service Pack 2 (SP2) to address a remote execution vulnerability (CVE-2020-0688).
On January 14, 2021, Microsoft reclassed the vulnerability from “Important” to “Critical.” On February 10, 2021, Microsoft issued a patch for the vulnerability.
Vulnerability in the SPNRGO Extended Negotiation
The vulnerability lies in the SPNEGOCONFIG NEGOTIATE SECURITY MECHANISMS (SPNEGO) security protocol, which allows a client to negotiate the type of security mechanisms to be used.
This vulnerability is a remote command injection vulnerability affecting a wide variety of protocols. It could potentially be wormable.
Risks
A security flaw could allow hackers to access your computer remotely by using SMB or RDP protocols, which are used for file sharing and remote desktop connections respectively.
This list of affected protocols is not complete and may be used anywhere where SPNEGO is used, such as SMTP and HTTP when SPNEGO is negotiated.
Broader Scope Than (CVE-2017-0144)
Unlike the CVE-2017-0144 exploit, which was limited to the SMB protocol, the newly discovered flaw affects a wider range of Windows computers because it exposes a greater number of services to the public network or internal networks.
This vulnerability doesn’t require any kind of human intervention or authentication from a victim on a target computer.
Don’t forget to check out our latest insights and reviews on the latest products with FAQs, Tips and more.
Critical Remote Code Execution Vulnerability – Discovered in Spnego Extended Negotiation Security Mechanism
Microsoft’s Classification – Critical
Microsoft has classified this vulnerability as “critical,” with all ratings ranging from high to critical except exploit complexity, which is considered high because it may take multiple attempts to successfully exploit the system. With the current configuration, unpatched Windows 7 and 8 computers are vulnerable.
To comply with its responsible disclosure policies, X-Force Red worked with Microsoft on this classification change. Because of this, IBM will not release full technical details until Q3 2023.
Apple has been working on macOS Ventura last year. Check the latest features and insights here.
Recommendations from X-Force Red
Due to the widespread adoption of SPNEGO (a mechanism for authenticating user accounts), we strongly recommend that you apply the patch immediately to prevent any potential attacks. The fix is included with future security updates and affects all systems running Windows 7 and later.
Additional recommendations from X-Force Red include:
- Review which applications, such as SMB or Remote Desktop Protocol (RDP), are exposed to the Internet.
- Monitoring your system for vulnerabilities, including Microsoft IIS servers that have Windows Authentication turned on.
- If you’re using Windows Server 2012 R2, limit Windows Active Directory domain controllers to using either Kerberos or NTLM for authenticating clients. And if you can’t apply the patch, disable “Negotiate” as a default Windows AD DC.
What are your thoughts? Tell us in the comments section below.
Take a look at the latest news about the technology world and how it’s progressing.
