A critical security vulnerability has emerged within the Windows Task Scheduler, designated as CVE-2025-33067. This flaw allows attackers to escalate their privileges to SYSTEM level access without needing prior administrative rights, posing a significant risk across multiple versions of Windows operating systems. The vulnerability has been rated as “Important” with a CVSS score of 8.4, indicating a serious threat to system integrity.
The root of this vulnerability lies in improper privilege management within the Windows Kernel’s task scheduling component. This oversight enables unauthorized local attackers to gain complete control over the system, creating a pathway for privilege escalation once initial access is obtained.
Windows Task Scheduler Vulnerability
Classified under Improper Privilege Management, this vulnerability highlights a critical flaw in how the Windows Task Scheduler manages permissions for scheduled tasks. Microsoft’s security bulletin outlines that the attack vector is entirely local (AV:L) with low complexity (AC:L), requiring no prior privileges (PR:N) and no user interaction (UI:N). This combination renders the vulnerability particularly dangerous, as it facilitates a straightforward route for privilege escalation.
The CVSS vector string CVSS:3.1 indicates high impact ratings for confidentiality, integrity, and availability, all classified as “High.” This vulnerability allows attackers to exploit a permissions handling flaw, leading to SYSTEM privileges, the highest access level in Windows environments. Security researcher Alexander Pudwill is credited with the discovery and responsible disclosure of this vulnerability through coordinated protocols.
| Risk Factors | Details |
| Affected Products |
|
| Impact | Privilege escalation to SYSTEM level |
| Exploit Prerequisites |
|
| CVSS 3.1 Score | 8.4 (Important) |
Affected Systems and Security Updates
In response to this vulnerability, Microsoft has released comprehensive security updates on June 10, 2025, covering a wide array of Windows platforms. The updates address the flaw across 27 different Windows configurations, including Windows 10 versions from the original release (Version 1607) to the current 22H2, all versions of Windows 11, and server platforms ranging from Windows Server 2016 to the latest Windows Server 2025.
Critical security update packages include:
- KB5061010 for Windows Server 2016 and Windows 10 Version 1607
- KB5060998 for original Windows 10 installations
- KB5060842/KB5060841 for Windows Server 2025 and Windows 11 Version 24H2
- KB5060999 for Windows 11 Version 23H2 and 22H2
- KB5060533 for Windows 10 Version 22H2 and 21H2
Organizations are urged to prioritize the immediate deployment of these security updates across all Windows systems. While Microsoft assesses the vulnerability as “Exploitation Less Likely,” indicating that active exploitation attempts have not been observed in the wild, IT administrators should remain vigilant. Focus should be directed towards systems containing high-value data or those accessible to potentially untrusted users, as the local attack vector typically necessitates initial access through phishing, physical access, or exploitation of other vulnerabilities.
To bolster defenses while updates are being deployed, organizations can implement network segmentation, adhere to the principle of least privilege, and enhance monitoring of task scheduler activities. Additionally, reviewing scheduled task configurations to ensure proper access controls can help minimize potential attack surfaces.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
