CISA warned U.S. authorities companies to safe their techniques towards a Home windows Process Host privilege escalation vulnerability that would permit attackers to achieve SYSTEM privileges.
Process Host is a core Home windows system part that serves as a container for DLL-based processes, permits them to function within the background, and ensures they shut correctly throughout shutdown to stop knowledge corruption.
Tracked as CVE-2025-60710, this Home windows security flaw stems from a hyperlink following weak spot affecting Home windows 11 and Home windows Server 2025 gadgets and was patched by Microsoft in November 2025.
The vulnerability might be exploited by native attackers with fundamental consumer permissions through low-complexity assaults, enabling them to achieve SYSTEM privileges and take full management of the compromised system.
“Improper hyperlink decision earlier than file entry (‘hyperlink following’) in Host Course of for Home windows Duties permits a certified attacker to raise privileges regionally,” Microsoft explains.
On Monday, CISA added CVE-2025-60710 to its catalog of actively exploited vulnerabilities and gave Federal Civilian Govt Department (FCEB) companies two weeks to safe their techniques, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01.
CISA did not share any particulars relating to these assaults, and Microsoft has but to replace its security advisory to substantiate lively exploitation.
Though BOD 22-01 applies solely to U.S. federal companies, CISA has urged all defenders (together with these within the non-public sector) to deploy CVE-2025-60710 patches and safe their organizations’ networks as quickly as doable.
“Any such vulnerability is a frequent assault vector for malicious cyber actors and poses important dangers to the federal enterprise,” the U.S. cybersecurity company warned.
“Apply mitigations per vendor directions, observe relevant BOD 22-01 steerage for cloud companies, or discontinue use of the product if mitigations are unavailable.”
One week in the past, CISA gave federal companies 4 days to safe their networks towards a critical-severity vulnerability in Ivanti Endpoint Supervisor Cellular (EPMM) that has been exploited in assaults since January.
Earlier this week, Microsoft additionally launched security updates addressing 167 vulnerabilities, together with 2 zero-day flaws, as a part of its April 2026 Patch Tuesday.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, exhibits the place protection ends, and supplies practitioners with three diagnostic questions for any software analysis.
