Microsoft has reclassified a vulnerability they patched in September as critical. The vulnerability in the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) Extended Negotiation Security Mechanism (CVE-2022-37958) was initially described as an information disclosure issue. Now it has been found that the flaw could be exploited to allow remote execution of arbitrary code, prompting Microsoft to reclassify its severity. More detail https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958
