Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Windows Task Host link-following privilege escalation (CVE-2025-60710)

Vulnerability
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2025-60710 to its actively exploited catalog after finding a Windows Task Host link-following flaw that can let local attackers escalate to SYSTEM on Windows 11 and Windows Server 2025. Microsoft had already patched the issue in November 2025, and CISA told FCEB agencies to secure systems within two weeks under BOD 22-01. The weakness matters because a low-complexity local exploit can hand an attacker full control of the compromised device.

Related Happenings

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Open Happening

Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw

Vulnerability
First: 14.05.2026 21:53 Last: 14.05.2026 21:53 Sources 1

About this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...

Open Happening

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Open Happening

Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale

Security Tool/Service
First: 13.05.2026 16:46 Last: 13.05.2026 16:46 Sources 1

About this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....

Open Happening

CISA adds ScreenConnect and Windows flaws to KEV

Public Sector Action
First: 29.04.2026 11:46 Last: 29.04.2026 11:46 Sources 1

About this happening: CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...

Open Happening

Timeline

  1. 15.04.2026 17:51 2 articles · 1mo ago

    CISA warns on CVE-2025-60710 in Windows Task Host

    Initial Disclosure

    CISA warned U.S. Federal Civilian Executive Branch agencies and other defenders about CVE-2025-60710 in Windows Task Host, a link-following privilege escalation affecting Windows 11 and Windows Server 2025. The flaw can let local attackers with basic user permissions gain SYSTEM privileges and full control of a compromised device, and CISA said FCEB agencies must secure their systems within two weeks under BOD 22-01 while Microsoft had already patched the issue in November 2025.

    Show sources
    Open in new tab