Ethical Hacking News
CISA has issued a warning to U.S. government agencies, urging them to secure their systems against a recently identified vulnerability in the Windows Task Host. This vulnerability could allow attackers to gain SYSTEM privileges on devices running Windows 11 and Windows Server 2025, highlighting the ongoing threat landscape in the cybersecurity world.
CVE-2025-60710 vulnerability in Windows Task Host allows attackers to gain SYSTEM privileges. Federal agencies have been given two weeks to secure their systems against this vulnerability. Microsoft has released security updates to address the issue, but CISA warns it has already been targeted by malicious actors. Organizations must keep software up-to-date and be cautious when interacting with potentially vulnerable systems.
CISA has issued a warning to U.S. government agencies, urging them to secure their systems against a recently identified vulnerability in the Windows Task Host. This vulnerability, tracked as CVE-2025-60710, is a link following weakness that could allow attackers to gain SYSTEM privileges on devices running Windows 11 and Windows Server 2025.
The vulnerability stems from an improper link resolution mechanism within the Host Process for Windows Tasks. According to Microsoft, this flaw allows authorized attackers to elevate their local privileges, effectively granting them control over the compromised device. This is a significant concern, as it poses a high risk of data breaches and exploitation.
According to CISA, federal agencies have been given two weeks to secure their systems against this vulnerability. The agency has also emphasized the importance of deploying patches and mitigations per vendor instructions. If no action is taken, it may be necessary to discontinue use of the affected product.
This warning highlights the ongoing threat landscape in the cybersecurity world. With the increasing sophistication of attacks and the growing reliance on technology, it is essential for organizations to stay vigilant and take proactive measures to protect themselves against vulnerabilities like this one.
Microsoft has acknowledged this vulnerability and released security updates to address it. However, CISA has warned that the agency's catalog of actively exploited vulnerabilities includes this issue, which means it has already been targeted by malicious actors.
This incident serves as a reminder of the importance of keeping software up-to-date and being cautious when interacting with potentially vulnerable systems. By taking proactive steps to secure their systems, organizations can minimize the risk of data breaches and protect themselves against future threats.
In addition to this vulnerability, CISA has also issued warnings about other critical-severity vulnerabilities in various products, including Ivanti Endpoint Manager Mobile and Adobe Acrobat Reader. These incidents demonstrate the need for continuous vigilance and prompt action to address emerging threats.
As organizations navigate the complex world of cybersecurity, it is essential to stay informed about the latest threats and take proactive steps to protect themselves. By doing so, they can minimize the risk of data breaches and ensure the integrity of their systems.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warnings-US-Government-Agencies-to-Secure-Against-Windows-Task-Host-Vulnerability-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-flags-windows-task-host-vulnerability-as-exploited-in-attacks/
https://www.cisa.gov/news-events/cybersecurity-advisories
https://nvd.nist.gov/vuln/detail/CVE-2025-60710
https://www.cvedetails.com/cve/CVE-2025-60710/
Published: Wed Apr 15 10:49:22 2026 by llama3.2 3B Q4_K_M
