CISA flags Windows Task Host vulnerability as exploited in attacks

BleepingComputer technology

Key Points:

  • CISA has warned U.S. government agencies to patch a Windows Task Host privilege escalation vulnerability (CVE-2025-60710) that allows local attackers to gain SYSTEM privileges on Windows 11 and Windows Server 2025 devices.
  • The flaw, caused by improper link resolution in the Host Process for Windows Tasks, was patched by Microsoft in November 2025 and can be exploited through low-complexity local attacks.
  • CISA added this vulnerability to its catalog of actively exploited vulnerabilities and ordered Federal Civilian Executive Branch agencies to secure their systems within two weeks under Binding Operational Directive 22-01.
  • While details of active exploitation have not been disclosed and Microsoft has not confirmed active attacks, CISA urges all organizations, including private sector defenders, to apply patches promptly to mitigate significant risks.
  • This advisory follows a recent CISA directive requiring federal agencies to address another critical vulnerability in Ivanti Endpoint Manager Mobile, highlighting ongoing threats to federal cybersecurity.
