CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges.
Task Host is a core Windows system component that serves as a container for DLL-based processes, allows them to operate in the background, and ensures they close properly during shutdown to prevent data corruption.
Tracked as CVE-2025-60710, this Windows security flaw stems from a link following weakness affecting Windows 11 and Windows Server 2025 devices and was patched by Microsoft in November 2025.
The vulnerability can be exploited by local attackers with basic user permissions via low-complexity attacks, enabling them to gain SYSTEM privileges and take full control of the compromised device.
“Improper link resolution before file access (‘link following’) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally,” Microsoft explains.
On Monday, CISA added CVE-2025-60710 to its catalog of actively exploited vulnerabilities and gave Federal Civilian Executive Branch (FCEB) agencies two weeks to secure their systems, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01.
CISA didn’t share any details regarding these attacks, and Microsoft has yet to update its security advisory to confirm active exploitation.
Although BOD 22-01 applies only to U.S. federal agencies, CISA has urged all defenders (including those in the private sector) to deploy CVE-2025-60710 patches and secure their organizations’ networks as soon as possible.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” the U.S. cybersecurity agency warned.
“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
One week ago, CISA gave federal agencies four days to secure their networks against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January.
Earlier this week, Microsoft also released security updates addressing 167 vulnerabilities, including 2 zero-day flaws, as part of its April 2026 Patch Tuesday.
.article-callout {
background-color: #f0f6ff;
width: 95%;
max-width: 800px;
margin: 15px auto;
border-radius: 8px;
border: 1px solid #d6ddee;
display: flex;
align-items: stretch;
overflow: hidden;
}
.article-media {
flex: 1;
max-width: 220px;
display: flex;
}
.article-media a {
display: flex;
width: 100%;
height: 100%;
}
.article-media img {
width: 100%;
height: 100%;
border-radius: 8px 0 0 8px;
display: block;
}
.article-callout .article-media img {
margin-top: 0 !important;
height: 100% !important;
}
.article-body {
flex: 2;
padding: 10px;
display: flex;
flex-direction: column;
justify-content: center;
}
.article-body h2 {
font-size: 17px !important;
font-weight: 700;
color: #333;
line-height: 1.4;
font-family: Georgia, “Times New Roman”, Times, serif;
margin: 0 0 14px 0;
}
.article-body p {
font-weight: bold;
font-size: 14px;
margin: 0 0 clamp(6px, 2vw, 14px) 0;
}
.article-link {
background-color: #fff;
border: 1px solid #3b59aa;
color: black;
text-align: center;
text-decoration: none;
border-radius: 8px;
display: inline-block;
font-size: 16px;
font-weight: bold;
padding: 10px 20px;
width: fit-content;
}
@media (max-width: 600px) {
.article-callout {
flex-direction: column;
align-items: center;
}
.article-media {
max-width: 100%;
}
.article-media img {
border-radius: 8px 8px 0 0;
}
.article-body {
padding: 15px;
width: 100%;
}
.article-link {
width: 100%;
margin: 0 auto;
box-sizing: border-box;
}
}
99% of What Mythos Found Is Still Unpatched.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
Comments