A major security flaw in Windows Task Scheduler could let attackers elevate their privileges to SYSTEM level without needing administrative access at the start.
Tracked as CVE-2025-33067, this vulnerability affects multiple Windows operating systems and has been rated “Important” with a CVSS score of 8.4.
The issue arises from improper privilege management in the Windows Kernel’s task scheduling component, allowing unauthorized local users to take full control of a system. Microsoft addressed the flaw with security updates released on June 10, 2025, covering all supported platforms from Windows 10 to Windows Server 2025.
Details of the Task Scheduler Vulnerability
Classified under "Improper Privilege Management," the flaw affects how Task Scheduler assigns permissions for scheduled tasks. According to Microsoft, the vulnerability can be exploited locally, involves low complexity, requires no existing privileges, and needs no user interaction. This makes it especially dangerous, as attackers can escalate privileges easily after gaining access to a system.
The CVSS vector string indicates high impact on confidentiality, integrity, and availability. The flaw allows attackers to interact with specific scheduled tasks under certain conditions, leading to SYSTEM-level access the most powerful privilege level in Windows.
Security researcher Alexander Pudwill discovered and responsibly disclosed the vulnerability through coordinated channels.
Affected Systems and Patch Information
Microsoft’s security response includes updates for 27 different Windows versions. Affected systems span from early Windows 10 versions to the latest Windows Server 2025.
Some key updates include:
- KB5061010 for Windows Server 2016 and Windows 10 Version 1607 (build 10.0.14393.8148)
- KB5060998 for the original Windows 10 (build 10.0.10240.21034)
- KB5060842 / KB5060841 for Windows Server 2025 and Windows 11 Version 24H2 (builds 10.0.26100.4349 / 10.0.26100.4270)
- KB5060999 for Windows 11 Versions 23H2 and 22H2 (build 10.0.22631.5472)
- KB5060533 for Windows 10 Versions 22H2 and 21H2 (builds 10.0.19045.5965 and 10.0.19044.5965)
Microsoft advises all organizations to apply the June 10 security patches as soon as possible.
Mitigation and Best Practices
While Microsoft has assessed the vulnerability as “Exploitation Less Likely,” meaning no active attacks have been detected, it still presents a serious risk.
Administrators should give priority to systems that store sensitive data or are accessible by untrusted users. Because the flaw requires local access, it may be combined with phishing, physical intrusion, or other exploited vulnerabilities.
To strengthen defenses, organizations should:
- Implement network segmentation
- Enforce the principle of least privilege
- Monitor Task Scheduler activity closely
- Review scheduled task settings and tighten access permissions
These steps, along with timely patching, can help reduce the risk of exploitation.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
