**CISA** warned U.S. government agencies to secure their systems against a **Windows** Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. Task Host is a core **Windows** system component that serves as a container for DLL-based processes. It allows them to operate in the background and ensures they close properly during shutdown to prevent data corruption. ### CVE-2025-60710: Link Following Flaw Tracked as **CVE-2025-60710**, this **Windows** security flaw stems from a link following weakness affecting **Windows 11** and **Windows Server 2025** devices. **Microsoft** patched it in November 2025. The vulnerability can be exploited by local attackers with basic user permissions via low-complexity attacks, enabling them to gain SYSTEM privileges and take full control of the compromised device. "Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally," **Microsoft** explains. ### CISA's Directive On Monday, **CISA** added **CVE-2025-60710** to its catalog of actively exploited vulnerabilities and gave Federal Civilian Executive Branch (FCEB) agencies two weeks to secure their systems, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01. **CISA** didn't share any details regarding these attacks, and **Microsoft** has yet to update its security advisory to confirm active exploitation. Although BOD 22-01 applies only to U.S. federal agencies, **CISA** has urged all defenders (including those in the private sector) to deploy **CVE-2025-60710** patches and secure their organizations' networks as soon as possible. "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," the U.S. cybersecurity agency warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." ### Recent CISA Directives and Microsoft Patches One week ago, **CISA** gave federal agencies four days to secure their networks against a critical-severity vulnerability in **Ivanti** Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. Earlier this week, **Microsoft** also released security updates addressing 167 vulnerabilities, including 2 zero-day flaws, as part of its April 2026 Patch Tuesday.