The U.S. Cybersecurity and Infrastructure Security Agency has alerted federal agencies to a Windows Task Host vulnerability being actively exploited in attacks. The flaw allows attackers to escalate privileges to SYSTEM level on affected systems.
CISA issued an emergency advisory flagging a privilege escalation vulnerability in Windows Task Host that poses an immediate threat to government networks. The vulnerability enables attackers with user-level access to gain full SYSTEM privileges, the highest level of access on Windows machines.
The agency directed all federal civilian agencies to patch affected systems immediately. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, confirming that threat actors are actively weaponizing the flaw in real-world attacks.
Privilege escalation vulnerabilities represent a critical security risk. Once attackers gain SYSTEM privileges, they can install malware, steal sensitive data, modify system configurations, and maintain persistent access to compromised networks. The vulnerability is particularly dangerous because it requires minimal initial access—attackers need only basic user-level credentials.
Windows Task Host is a core Windows component that manages scheduled tasks and background processes. Its privileged role in the operating system makes vulnerabilities in this service especially valuable to attackers. The flaw affects multiple versions of Windows, though specific version details were included in CISA's technical advisory.
Federal agencies face a 30-day deadline to remediate the vulnerability on their systems. Organizations outside government should treat this warning as urgent guidance; threat actors typically expand exploitation beyond government targets once a vulnerability is publicly disclosed and patched.
Microsoft has released patches addressing the vulnerability. Organizations should prioritize applying updates to systems running Task Host, particularly on internet-facing machines and servers handling sensitive operations. Network administrators should also review audit logs for signs of exploitation, including unusual privilege escalation attempts.
The advisory underscores the ongoing threat landscape facing government and critical infrastructure networks. Attackers continue targeting Windows vulnerabilities as entry points for broader network compromise.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.