![Apple Shares Teaser Trailer for 'The Lost Bus' Starring Matthew McConaughey [Video]](https://www.iclarified.com/images/news/97582/97582/97582-640.jpg)
![Apple Debuts Trailer for Third Season of 'Foundation' [Video]](https://www.iclarified.com/images/news/97589/97589/97589-640.jpg)
.webp?#)
_incamerastock_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Top Features of Vision-Based Workplace Safety Tools [2025]](https://static.wixstatic.com/media/379e66_7e75a4bcefe14e4fbc100abdff83bed3~mv2.jpg/v1/fit/w_1000,h_884,al_c,q_80/file.png?#)
![[The AI Show Episode 152]: ChatGPT Connectors, AI-Human Relationships, New AI Job Data, OpenAI Court-Ordered to Keep ChatGPT Logs & WPP’s Large Marketing Model](https://www.marketingaiinstitute.com/hubfs/ep%20152%20cover.png)
Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges
A significant security vulnerability in Windows Task Scheduler could allow attackers to escalate their privileges to SYSTEM level access without requiring initial administrative rights. Designated as CVE-2025-33067, this elevation of privilege vulnerability affects multiple versions of Windows operating systems and has been assigned an “Important” severity rating with a CVSS score of 8.4. The vulnerability […] The post Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
A significant security vulnerability in Windows Task Scheduler could allow attackers to escalate their privileges to SYSTEM level access without requiring initial administrative rights.
Designated as CVE-2025-33067, this elevation of privilege vulnerability affects multiple versions of Windows operating systems and has been assigned an “Important” severity rating with a CVSS score of 8.4.
The vulnerability stems from improper privilege management within the Windows Kernel’s task scheduling component, enabling unauthorized local attackers to gain complete system control.
Microsoft released comprehensive security updates on June 10, 2025, addressing the flaw across all supported Windows platforms, from legacy Windows 10 installations to the latest Windows Server 2025 deployments.
Windows Task Scheduler Vulnerability
The vulnerability, classified under Improper Privilege Management, represents a critical flaw in how Windows Task Scheduler handles permissions for scheduled tasks.
According to Microsoft’s security bulletin, the attack vector is entirely local (AV:L) with low complexity (AC:L), requiring no prior privileges (PR:N) and no user interaction (UI:N).
This combination makes the vulnerability particularly dangerous as it provides a direct pathway for privilege escalation once an attacker gains initial access to a system.
The CVSS vector string CVSS:3.1 indicates maximum impact ratings for confidentiality, integrity, and availability, all rated as “High.”
The vulnerability allows attackers to exploit a permissions handling flaw that enables interaction with certain scheduled tasks under specific conditions, ultimately leading to SYSTEM privileges, the highest level of access in Windows environments.
Security researcher Alexander Pudwill is credited with discovering and responsibly disclosing this vulnerability through coordinated disclosure protocols.
Risk Factors Details Affected Products – Windows 10 (Version 1607/1809/21H2/22H2)- Windows 11 (22H2/23H2/24H2)- Windows Server 2016-2025- Server Core installations- ARM64/x64/32-bit architectures Impact Privilege escalation to SYSTEM level Exploit Prerequisites – Local system access (AV:L)- No prior privileges required (PR:N)- No user interaction needed (UI:N)- Low attack complexity (AC:L)- Windows Task Scheduler component interaction CVSS 3.1 Score 8.4 (Important)
Affected Systems and Security Updates
Microsoft’s security response covers an extensive range of Windows platforms, with security updates released simultaneously across 27 different Windows configurations.
The affected systems include Windows 10 versions from the original release (Version 1607) through the current 22H2 release, all Windows 11 versions, including the latest 24H2, and server platforms ranging from Windows Server 2016 to the newest Windows Server 2025.
Critical security update packages include KB5061010 for Windows Server 2016 and Windows 10 Version 1607 systems (build 10.0.14393.8148), KB5060998 for original Windows 10 installations (build 10.0.10240.21034), and KB5060842/KB5060841 for Windows Server 2025 and Windows 11 Version 24H2 (builds 10.0.26100.4349/10.0.26100.4270).
Windows 11 Version 23H2 and 22H2 systems require KB5060999 (build 10.0.22631.5472), while Windows 10 Version 22H2 and 21H2 installations need KB5060533 (builds 10.0.19045.5965 and 10.0.19044.5965, respectively).
Organizations should prioritize the immediate deployment of the June 10, 2025, security updates across all Windows systems.
The vulnerability’s “Exploitation Less Likely” assessment provides some reassurance, as Microsoft indicates that while the vulnerability is technically exploitable, active exploitation attempts have not been observed in the wild.
IT administrators should focus on systems with high-value data or those accessible to potentially untrusted users, as the local attack vector typically requires initial system access through other means such as phishing, physical access, or exploitation of other vulnerabilities.
Network segmentation, principle of least privilege implementation, and enhanced monitoring of task scheduler activities can provide additional defensive layers while updates are being deployed.
Organizations should also review their scheduled tasks configurations to ensure proper access controls and minimize potential attack surfaces.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
The post Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
