Microsoft Windows SPNEGO Extended Negotiation Heap-Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the SPNEGO Extended Negotiation security mechanism of Windows. It allows an unauthorized attacker to execute code remotely over a network. Affected systems include Windows client machines running Windows 10, version 1607 and later, as well as various versions of Windows Server 2008 R2, 2012, 2012 R2, and 2016. The vulnerability is exposed because a Group Policy that allows certain authentication requests to use online identities is enabled by default, which creates the exploitation vector.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Remediation

Users can apply the security update KB5062560 to address this vulnerability. The update is available through the Microsoft Update Catalog for Windows 10 and the other affected versions; for Windows Server 2012 R2 it is included in the Monthly Rollup.
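The following PowerShell script is an added example for verifying the remediation state of a host; it is not part of the advisory and is not Microsoft's code. The KB number comes from the advisory above. The advisory only describes the relevant Group Policy as one that allows authentication requests to use online identities; the script assumes this refers to the Windows setting "Network security: Allow PKU2U authentication requests to this computer to use online identities", which Windows stores as the AllowOnlineID DWORD under the Lsa\pku2u registry key, and that assumption is marked in the code.

```powershell
# Added example (not from the advisory): report whether KB5062560 is installed
# and whether the online-identity authentication policy is enabled on this host.
# Assumption: the policy named in the advisory maps to the PKU2U setting stored
# under HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u as the AllowOnlineID DWORD.
param(
    [string]$KbId = 'KB5062560'   # update named in the advisory
)

function Get-SpnegoRemediationState {
    param([string]$KbId)

    # 1. Update presence: Get-HotFix reads the installed-update (QFE) inventory.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $installed = [bool]$hotfix

    # 2. Policy state (assumed registry mapping, see header comment).
    $pku2uKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
    $allowOnlineId = (Get-ItemProperty -Path $pku2uKey -Name AllowOnlineID `
                      -ErrorAction SilentlyContinue).AllowOnlineID

    if ($null -eq $allowOnlineId) {
        # No explicit value: the default applies, which the advisory says is enabled.
        $policyState = 'Default (enabled per advisory)'
    } elseif ($allowOnlineId -eq 1) {
        $policyState = 'Enabled'
    } else {
        $policyState = 'Disabled'
    }

    # Exposed only when the update is missing; the policy state is context for
    # prioritisation, since disabling it is not a substitute for the update.
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OSVersion      = [System.Environment]::OSVersion.Version.ToString()
        KbId           = $KbId
        UpdateInstalled = $installed
        InstalledOn    = if ($installed) { $hotfix.InstalledOn } else { $null }
        OnlineIdPolicy = $policyState
        Exposed        = -not $installed
    }
}

Get-SpnegoRemediationState -KbId $KbId | Format-List
```

Run it locally on an affected host, or wrap the function call in Invoke-Command with a list of computer names to collect the same object from a fleet and filter on Exposed -eq $true. A host on which the update is absent should be treated as vulnerable regardless of the policy value, because the advisory names the update, not a policy change, as the remediation.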

Added: Jul 8, 2025, 10:26 PM
Updated: Jul 8, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread          8.4
impact          2.5
exploitability  5.4
remediation     7.7
relevance       0.2
threat          0.1
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.