CISA warns of a critical Windows flaw that lets a local attacker escalate privileges and take control of the machine

The US Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies to a critical Windows vulnerability that, if left unpatched, allows a local attacker to escalate privileges to SYSTEM and take control of the machine. The flaw, tracked as CVE-2025-60710, affects a core component of the operating system and was fixed by Microsoft in November 2025, but CISA warns that the risk calls for a rapid response.

The problem lies in the process known as Task Host, an internal Windows component that acts as a container for DLL-based processes. Its job is to let those DLLs run in the background and to make sure they shut down cleanly when the system powers off, avoiding data corruption. The vulnerability belongs to the "link following" class of weakness: the resolution of symbolic links or other redirections before a file is accessed, which a user with only basic permissions can abuse to make the system open or modify resources it should not. On Windows the usual vector for this class is a directory junction or symbolic link planted in a user-writable location that a privileged process later reads or writes through.

Microsoft states that the root cause is the resolution of links before files are read or opened by the Task Host process. This lets an unprivileged account carry out a low-complexity attack and, in the worst case, raise its privileges until it can act with SYSTEM permissions. Note that the attacker needs local access to begin with; the flaw is an escalation step, not a remote entry point. For more technical details on this class of weakness, see the corresponding CWE entry: CWE-59 (link following).
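To make the weakness concrete, here is an added PowerShell example (it is not Microsoft's code and not the vulnerable Task Host code) that recreates the pattern on a test machine: a low-privileged user plants a directory junction, a privileged writer follows it into a directory it was never meant to touch, and a hardened writer rejects the path. The directories under $env:TEMP stand in for a SYSTEM-only directory and a user-controlled one and are assumptions made for the demo.

```powershell
# Added example, not Microsoft's code and not the Task Host code: a privileged
# writer that follows a junction planted by a low-privileged user, next to a
# hardened version that refuses any path containing a reparse point.
# The directories under $env:TEMP are assumptions so the demo runs as a normal
# user on a test machine; in a real attack $protected would be a SYSTEM-only path.

$base      = Join-Path $env:TEMP "cwe59-demo"
$protected = Join-Path $base "protected"   # stands in for a directory only SYSTEM may write
$userDir   = Join-Path $base "user"        # stands in for a directory the attacker controls
$linkDir   = Join-Path $userDir "logs"     # the junction the attacker plants

# Clean up any previous run. Delete the junction with Directory.Delete so the
# link itself is removed rather than its target's contents.
if (Test-Path -LiteralPath $linkDir) { [System.IO.Directory]::Delete($linkDir) }
Remove-Item -LiteralPath $base -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $protected, $userDir -Force | Out-Null

# Directory junctions need no SeCreateSymbolicLinkPrivilege, which is why they
# are the usual tool for link-following attacks on Windows.
New-Item -ItemType Junction -Path $linkDir -Target $protected | Out-Null

function Write-LogUnsafe {
    param([string]$Path, [string]$Content)
    # Vulnerable pattern: the path is opened as given. The filesystem resolves
    # the junction, so the write lands inside $protected.
    [System.IO.File]::WriteAllText($Path, $Content)
}

function Test-PathHasReparsePoint {
    param([string]$Path)
    # Walk every component from the leaf up to the drive root; a junction or
    # symbolic link anywhere in the chain redirects the final open.
    $current = [System.IO.Path]::GetFullPath($Path)
    $root    = [System.IO.Path]::GetPathRoot($current)
    while ($current -and $current -ne $root) {
        $item = Get-Item -LiteralPath $current -Force -ErrorAction SilentlyContinue
        if ($item -and (($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0)) {
            return $true
        }
        $current = [System.IO.Path]::GetDirectoryName($current)
    }
    return $false
}

function Write-LogHardened {
    param([string]$Path, [string]$Content)
    if (Test-PathHasReparsePoint -Path $Path) {
        throw "Refusing to write through a reparse point: $Path"
    }
    [System.IO.File]::WriteAllText($Path, $Content)
}

$target = Join-Path $linkDir "service.log"

Write-LogUnsafe -Path $target -Content "written by privileged code"
"Unsafe write landed in the protected directory: $(Test-Path -LiteralPath (Join-Path $protected 'service.log'))"

try {
    Write-LogHardened -Path $target -Content "must never be written"
} catch {
    "Hardened write rejected: $($_.Exception.Message)"
}
```

Checking attributes and then opening the file is still a check-then-use race, so the hardened function is a demonstration of the property, not a complete fix. The durable fix is structural: privileged components should not read or write under directories where unprivileged users can create junctions or links, and native code that must do so opens with FILE_FLAG_OPEN_REPARSE_POINT so that a link is seen rather than followed.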

On Monday CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog and, under Binding Operational Directive 22-01 of November 2021, gave federal civilian agencies two weeks to secure their environments. Inclusion in the catalog carries this accelerated-remediation obligation; the public list is available in the Known Exploited Vulnerabilities catalog.

Neither CISA nor Microsoft has so far published details of specific attacks tied to this flaw: the agency has not released indicators of compromise, and Microsoft has not yet updated its advisory to confirm exploitation in the wild. Even so, the warning is clear: this class of vector, a link-resolution flaw that lets an attacker cross the privilege boundary, is common in malicious campaigns and poses a high risk to federal and corporate environments.

The official recommendation is firm: apply the vendor's fixes and, where applicable, implement the published mitigations. CISA also points to the BOD 22-01 instructions for cases where the vulnerable workload runs in cloud services, and reminds organisations that, if no practical mitigation exists, they should consider discontinuing use of the affected product until it is safe. The directive is available on the agency's website: BOD 22-01.

The alert comes amid a run of recent actions by CISA and Microsoft: the agency has demanded urgent fixes for other actively exploited vulnerabilities in third-party products, and Microsoft's monthly updates for April 2026 fixed more than 100 flaws, some of them rated critical. The Microsoft update guide and the vendor's security advisories are essential sources for planning a response: MSRC - CVE-2025-60710.

If you manage endpoints or infrastructure, the first action is to verify patch status on every Windows system the MSRC advisory lists as affected, in particular sensitive Windows 11 and Windows Server 2025 hosts, and apply the November 2025 updates that fix this defect. Account configurations, access policies and event logs should also be reviewed for unusual activity that could indicate escalation attempts. Patching alone is not enough: a layered defence (monitoring, network segmentation, integrity controls and least privilege) limits the damage if an attacker does gain a foothold.
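As an added example (not CISA or Microsoft guidance), the following PowerShell script performs the two checks above on a single host: it compares the installed build and Update Build Revision against a minimum you fill in from the November 2025 update, lists hotfixes installed since then, and pulls Security 4688 process-creation events whose creator is taskhostw.exe, the Host Process for Windows Tasks. The build thresholds, the allow-list of expected children and the user-writable-path heuristic are assumptions; as noted above, no indicators of compromise have been published for this CVE.

```powershell
# Added example, not CISA or Microsoft guidance: a triage script that records the
# installed OS build and recent hotfixes, then reviews Security event 4688
# (process creation) for children of taskhostw.exe, the Host Process for
# Windows Tasks. The minimum-build table and the child-process allow-list are
# assumptions; fill them from the November 2025 cumulative update's KB article
# and from your own baseline. Run elevated with "Audit Process Creation" enabled.

# Assumed minimum Update Build Revision (UBR) per Windows build. The zeros are
# placeholders; replace them with the UBR of the November 2025 update.
$MinimumUbr = @{
    "26100" = 0   # Windows 11 24H2 / Windows Server 2025 (assumption)
    "22631" = 0   # Windows 11 23H2 (assumption)
}

# Children the Task Host is expected to start on this baseline (assumption).
$ExpectedChildren = @("conhost.exe", "rundll32.exe", "dllhost.exe")

function Get-PatchState {
    $cv    = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    $build = [string]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $min   = $MinimumUbr[$build]
    $patched = if ($null -eq $min) { "unknown build, check the advisory" } else { $ubr -ge $min }
    $fixes = Get-HotFix |
        Where-Object { $_.InstalledOn -ge [datetime]"2025-11-01" } |
        Select-Object -ExpandProperty HotFixID
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OsBuild              = "$build.$ubr"
        Patched              = $patched
        HotfixesSinceNov2025 = ($fixes -join ",")
    }
}

function Get-SuspiciousTaskHostChildren {
    param([int]$Days = 30)
    $filter = @{ LogName = "Security"; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read EventData fields by name; positional indexes shift between builds.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $parent = [System.IO.Path]::GetFileName([string]$data["ParentProcessName"])
        $child  = [System.IO.Path]::GetFileName([string]$data["NewProcessName"])
        if ($parent -ne "taskhostw.exe") { return }
        # Heuristics, not published indicators: an unexpected child image, or a
        # child started from a path ordinary users can write to.
        $unexpected   = $ExpectedChildren -notcontains $child
        $userWritable = $data["NewProcessName"] -match '\\Users\\|\\Temp\\|\\ProgramData\\'
        if ($unexpected -or $userWritable) {
            $reason = if ($userWritable) { "user-writable image path" } else { "unexpected child" }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Subject = $data["SubjectUserName"]
                Child   = $data["NewProcessName"]
                Reason  = $reason
            }
        }
    }
}

Get-PatchState | Format-List
Get-SuspiciousTaskHostChildren -Days 30 | Format-Table -AutoSize
```

Get-HotFix only lists what Win32_QuickFixEngineering reports, so treat the build and UBR as the authoritative patch signal and the hotfix list as supporting evidence. Event 4688 is only recorded when process-creation auditing is enabled; without it the second function returns nothing, which is an auditing gap rather than a clean result.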

In practical terms, the CISA warning is a reminder that privilege escalation vulnerabilities are especially dangerous because of the door they open: from an unprivileged account an attacker can end up with full control of the system. That is why speed of patch deployment and an accurate asset inventory are the key measures for minimising risk while organisations review their defences and procedures.

For any security officer or manager the path is clear: confirm which assets are exposed, deploy the updates Microsoft has published, follow the mitigation guidance from CISA and Microsoft, and keep active monitoring in place to detect abnormal behaviour. The official sources linked in this text are a good starting point for basing decisions on the most recent and reliable information.