CISA Urges Agencies to Patch Actively Exploited Windows Vulnerability
AI-generated from multiple sources. Verify before acting on this reporting.
WASHINGTON (April 15, 2026) — The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to U.S. government agencies to secure their systems against an actively exploited vulnerability in Microsoft Windows software. The alert, released Tuesday afternoon, warns of a privilege escalation flaw that allows attackers to gain SYSTEM-level access on affected devices.
The vulnerability, designated CVE-2025-60710, affects the Windows Task Host process. CISA stated that the flaw is being actively exploited in the wild, posing a significant risk to federal infrastructure. The agency instructed agencies to apply available patches immediately or implement compensating controls to mitigate the threat. The directive applies specifically to Windows 11 and Windows Server 2025 operating systems.
Microsoft confirmed the existence of the vulnerability and released security updates to address the issue. The company's advisory notes that the flaw allows a local attacker to escalate privileges to SYSTEM level, potentially enabling full control over the compromised machine. The update is available through Windows Update and Microsoft Update Catalog.
CISA's warning comes as federal agencies continue to grapple with evolving cyber threats targeting government networks. The agency's directive emphasizes the critical nature of the vulnerability, noting that exploitation could lead to unauthorized access to sensitive data and systems. Federal agencies are required to report compliance with the directive within 30 days.
The vulnerability was discovered during routine security assessments and has since been confirmed as actively exploited. CISA's alert includes technical details to help agencies identify and remediate the issue. The agency also recommended that agencies monitor for signs of compromise and investigate any suspicious activity related to the Windows Task Host process.
Security experts have noted that the vulnerability's active exploitation status makes it a high-priority target for remediation. The flaw's ability to grant SYSTEM privileges means that attackers could potentially move laterally within a network, access sensitive information, or deploy malware. The urgency of the situation has prompted CISA to issue the directive with immediate effect.
Federal agencies are expected to prioritize patching efforts to ensure compliance with the directive. The agency's warning underscores the ongoing challenges in securing government infrastructure against sophisticated cyber threats. As agencies work to address the vulnerability, CISA will continue to monitor the situation and provide updates as needed.
The full scope of the vulnerability's impact remains unclear, and agencies are advised to remain vigilant for further developments. CISA's directive serves as a critical step in protecting federal systems from potential exploitation. The agency's warning highlights the importance of timely patching and proactive security measures in the face of evolving cyber threats.