Tech »  Topic »  Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server

Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server


Microsoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction.

The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607 and above, potentially exposing millions of systems to cyberattacks.

Critical Security Vulnerability Details

The SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability represents a significant threat to enterprise and consumer Windows environments.

This heap-based buffer overflow vulnerability allows unauthorized attackers to execute arbitrary code remotely over network connections, making it particularly dangerous for networked environments.

Attribute Value
CVE ID CVE-2025-47981
Impact Remote Code Execution
Severity Critical
CVSS Score 9.8 / 8.5

Security researchers have classified this vulnerability as wormable, meaning malicious code could potentially spread from one compromised system to another without human intervention.

The vulnerability received a critical CVSS score of 9.8 out of 10 ...


Copyright of this story solely belongs to gbhackers . To see the full text click HERE