Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server

Microsoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction.

The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607 and above, potentially exposing millions of systems to cyberattacks.

Critical Security Vulnerability Details

The SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability represents a significant threat to enterprise and consumer Windows environments.

This heap-based buffer overflow vulnerability allows unauthorized attackers to execute arbitrary code remotely over network connections, making it particularly dangerous for networked environments.

Security researchers have classified this vulnerability as wormable, meaning malicious code could potentially spread from one compromised system to another without human intervention.

The vulnerability received a critical CVSS score of 9.8 out of 10, indicating maximum severity across confidentiality, integrity, and availability metrics.

The vulnerability stems from improper handling of SPNEGO Extended Negotiation protocols within Windows authentication mechanisms.

Attackers can exploit this flaw through network-based attacks requiring no user interaction or elevated privileges, making it exceptionally dangerous for organizations with interconnected systems.

Microsoft’s exploitability assessment indicates that exploitation is “More Likely,” though no public exploits or active attacks have been documented at this time.

The vulnerability affects systems where the Group Policy Object “Network security: Allow PKU2U authentication requests to this computer to use online identities” is enabled by default.

Microsoft released official fixes on July 8, 2025, as part of its regular security update cycle.

The company has assigned this vulnerability to the Common Weakness Enumeration category CWE-122, indicating heap-based buffer overflow characteristics.

System administrators should prioritize immediate deployment of these security updates across all affected Windows systems.

The critical nature of this vulnerability, combined with its wormable characteristics, makes rapid patching essential for maintaining network security.

Organizations should implement these updates immediately while monitoring for any suspicious network activity that might indicate exploitation attempts.

Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.