CISA Flags Windows Task Host Vulnerability as Exploited in Attacks

What happened

CISA added a Windows Task Host privilege escalation vulnerability to its Known Exploited Vulnerabilities catalog after confirming it is being used in attacks. The issue, tracked as CVE-2025-60710, affects Windows 11 and Windows Server 2025 and was patched by Microsoft in November 2025. The flaw stems from a link-following weakness in Host Process for Windows Tasks (taskhostw.exe) and allows a local attacker with basic user privileges to escalate to SYSTEM. CISA set a two-week deadline for federal civilian agencies to secure affected systems and urged other organizations to apply the available patches as soon as possible.

Who is affected

The direct exposure affects organizations running Windows 11 and Windows Server 2025 systems that have not yet received the November 2025 fix. The flaw requires local access, but successful exploitation yields SYSTEM, which amounts to full control of the compromised device.

Why CISOs should care

This matters because privilege escalation flaws are commonly used to turn limited access into full device compromise. Even when the initial foothold is low privilege, a SYSTEM-level elevation can let attackers disable controls, access protected resources, and move deeper into the environment.

3 practical actions

  1. Patch affected systems: Ensure the November 2025 Microsoft security update for CVE-2025-60710 has been applied across Windows 11 and Windows Server 2025 environments.
  2. Treat local footholds as high risk: Review how attackers could gain basic local access through phishing, stolen credentials, or other software flaws, since that is enough to exploit this vulnerability.
  3. Prioritize post-compromise detection: Hunt for signs of unexpected privilege escalation and suspicious SYSTEM-level activity on endpoints where lower-privileged access may already have been obtained.
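As an added example (not code from the article, CISA or Microsoft), the following PowerShell carries out actions 1 and 3 on a single host: it compares the installed OS build against a minimum patched revision, and it hunts the Security log for process creations that obtained SYSTEM from a non-SYSTEM creator or from an unusual parent. The build thresholds in $MinimumPatchedUbr, the parent allowlist, the function names and the 24-hour window are assumptions of this example, not values from the advisory; taskhostw.exe is the binary behind Host Process for Windows Tasks.

```powershell
# Added example (not from the article, CISA or Microsoft): per-host response checks for
# CVE-2025-60710. The thresholds in $MinimumPatchedUbr are placeholders, not values taken
# from the Microsoft advisory; fill them in before trusting a "Patched" result.

# Windows records the OS build as CurrentBuild (26100 for Windows 11 24H2 and Windows
# Server 2025, 26200 for Windows 11 25H2) plus UBR, the revision a cumulative update bumps.
# Updates are cumulative, so "UBR >= the November 2025 revision" means the fix is present.
$MinimumPatchedUbr = @{
    '26100' = 0   # Windows 11 24H2 / Windows Server 2025: placeholder, take from the advisory
    '26200' = 0   # Windows 11 25H2: placeholder, take from the advisory
}

function Get-OsBuildInfo {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Product        = $p.ProductName
        DisplayVersion = $p.DisplayVersion
        CurrentBuild   = [int]$p.CurrentBuild
        Ubr            = [int]$p.UBR
    }
}

function Test-PatchLevel {
    param([hashtable]$Minimum = $MinimumPatchedUbr)
    $os = Get-OsBuildInfo
    $required = $Minimum[[string]$os.CurrentBuild]
    # A missing or zero threshold means "unknown", never "patched".
    $status = if (-not $required) { 'Unknown' } elseif ($os.Ubr -ge $required) { 'Patched' } else { 'Unpatched' }
    [pscustomobject]@{
        Host        = $env:COMPUTERNAME
        Product     = $os.Product
        Version     = $os.DisplayVersion
        Build       = '{0}.{1}' -f $os.CurrentBuild, $os.Ubr
        RequiredUbr = $required
        Status      = $status
    }
}

function Find-UnexpectedSystemProcess {
    param([int]$Hours = 24)
    # Parents that start SYSTEM processes all day on a healthy host (assumed allowlist).
    # taskhostw.exe is deliberately absent so that SYSTEM children of it are listed for triage.
    $expectedParents = 'System', 'smss.exe', 'csrss.exe', 'wininit.exe', 'winlogon.exe',
                       'services.exe', 'svchost.exe', 'lsass.exe', 'MsMpEng.exe',
                       'TrustedInstaller.exe', 'TiWorker.exe'
    $systemSid = 'S-1-5-18'
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Event 4688: Subject* = the account that created the process, Target* = the account
        # the new process runs as when that differs from the creator, ParentProcessName = parent.
        $data = @{}
        foreach ($item in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$item.Name] = $item.'#text' }
        $parentPath = $data['ParentProcessName']
        $parent = if ($parentPath) { Split-Path -Leaf $parentPath } else { '' }
        $creatorIsSystem = $data['SubjectUserSid'] -eq $systemSid
        $targetIsSystem  = $data['TargetUserSid'] -eq $systemSid
        # Signal 1: a non-SYSTEM creator produced a SYSTEM process (the elevation itself).
        $elevated = $targetIsSystem -and -not $creatorIsSystem
        # Signal 2: a SYSTEM process whose parent is not one of the usual service hosts.
        $oddParent = ($creatorIsSystem -or $targetIsSystem) -and ($expectedParents -notcontains $parent)
        if ($elevated -or $oddParent) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Signal      = if ($elevated) { 'Elevation' } else { 'UnusualParent' }
                Creator     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Parent      = $parent
                NewProcess  = $data['NewProcessName']
                CommandLine = $data['CommandLine']
            }
        }
    }
}

Test-PatchLevel | Format-List
Find-UnexpectedSystemProcess -Hours 24 | Format-Table -AutoSize
```

Run it from an elevated prompt, since the Security log is not readable by standard users. The hunt only returns data if "Audit Process Creation" is enabled, and the CommandLine column stays empty unless "Include command line in process creation events" is also turned on. Expect the UnusualParent rows to need triage on a busy host; the Elevation rows are the ones worth examining first.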
