Microsoft has released security updates to address a critical vulnerability in Windows SPNEGO Extended Negotiation (NEGOEX) that could allow attackers to execute malicious code remotely on affected systems.
The vulnerability, tracked as CVE-2025-47981, affects multiple Windows versions and has been assigned the highest severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale.
Security Flaw Targets Windows Authentication System
The newly disclosed vulnerability represents a heap-based buffer overflow in the SPNEGO Extended Negotiation Security Mechanism, which extends the Simple and Protected GSS-API Negotiation
Mechanism used for authentication in Windows environments.
Security researchers, including anonymous contributors and Yuki Chen, discovered the flaw that could enable unauthorized attackers to execute arbitrary code on target systems without requiring user interaction or elevated privileges.
The vulnerability is particularly concerning because it can be exploited over a network with low attack complexity, meaning cybercriminals could potentially target systems remotely without sophisticated techniques.
According to Microsoft’s security advisory, an attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to complete system compromise with high impact on confidentiality, integrity, and availability.
The flaw primarily affects Windows client machines running Windows 10 version 1607 and above, specifically due to a Group Policy Object (GPO) setting that is enabled by default on these operating systems: “Network security: Allow PKU2U authentication requests to this computer to use online identities.”
This default configuration increases the attack surface for potential exploitation.
Comprehensive Patches Released
Microsoft has responded swiftly to address the vulnerability, releasing security updates on July 8, 2025, for a wide range of Windows operating systems.
The patches cover multiple server and client versions, including Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows 10 Version 1607 for both 32-bit and 64-bit systems.
The security updates are delivered through various channels, including Monthly Rollups for older server versions and Security Updates for newer systems.
For instance, Windows Server 2016 and Windows 10 Version 1607 receive security update KB5062560, while Windows Server 2012 systems get Monthly Rollup KB5062592.
Microsoft has assessed the vulnerability as “Exploitation More Likely” in their exploitability assessment, though no public disclosure or active exploitation has been reported at the time of the advisory’s release.
The company recommends immediate deployment of these security updates across affected systems to prevent potential attacks.
System administrators should prioritize patching efforts given the critical nature of this vulnerability and its potential for remote exploitation without user interaction.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates
%20(1)%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The vulnerability, tracked as CVE-2025-47981, affects multiple Windows versions and has been assigned the highest severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale.){kind=link}