
Windows Task Host Bug Actively Exploited, CISA Warns

Summary

– CISA warned U.S. government agencies to patch a Windows Task Host vulnerability (CVE-2025-60710) that allows local attackers to gain SYSTEM privileges.
– The flaw is a link-following weakness in a core Windows component, patched by Microsoft in November 2025, affecting Windows 11 and Windows Server 2025.
– CISA added it to its actively exploited vulnerabilities catalog, giving federal agencies two weeks to secure systems under a 2021 directive.
– While the directive targets federal agencies, CISA urged all organizations, including private sector, to apply the patches immediately.
– This warning follows recent CISA directives for other vulnerabilities, including one in Ivanti software, highlighting ongoing patching urgency.

A critical vulnerability within a core Windows component is now under active attack, according to a new federal warning. The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. government agencies to urgently apply a patch for a flaw that lets attackers seize complete control of affected systems. This privilege escalation vulnerability in the Windows Task Host process poses a severe risk, as it can be leveraged by local users to obtain the highest level of access.

The issue, cataloged as CVE-2025-60710, involves improper link resolution, a weakness known as link following. Microsoft addressed the bug in its November 2025 security updates, noting that it affects Windows 11 and Windows Server 2025. The Task Host is an essential system service that manages background processes, ensuring they run and close properly. Exploiting this flaw allows an authenticated attacker with standard user rights to elevate privileges locally and obtain SYSTEM privileges, granting them full control of the compromised device.

CISA formally added this vulnerability to its Known Exploited Vulnerabilities catalog this week. Under the binding operational directive BOD 22-01, Federal Civilian Executive Branch agencies now have a strict two-week deadline to implement the available patch and secure their networks. While the agency has not disclosed specifics about the ongoing attacks, and Microsoft has not yet updated its advisory to reflect active exploitation, the threat is considered immediate.

The directive technically applies only to federal agencies, but CISA strongly recommends that all organizations, including private sector entities, prioritize patching. The agency emphasized that this frequently used attack vector represents a significant danger to any enterprise. Its guidance is clear: organizations must apply vendor-provided mitigations, follow BOD 22-01 procedures for cloud services, or discontinue use of the product if no fix is available.

This urgent warning follows another recent CISA directive concerning a critical Ivanti Endpoint Manager Mobile flaw that was exploited for months. The constant stream of threats underscores a demanding patching landscape, highlighted further by Microsoft’s latest Patch Tuesday release, which resolved 167 vulnerabilities, including two other zero-day flaws.

(Source: BleepingComputer)
