A major safety vulnerability in Home windows Process Scheduler might enable attackers to escalate their privileges to SYSTEM stage entry with out requiring preliminary administrative rights.
Designated as CVE-2025-33067, this elevation of privilege vulnerability impacts a number of variations of Home windows working techniques and has been assigned an “Vital” severity score with a CVSS rating of 8.4.
The vulnerability stems from improper privilege administration inside the Home windows Kernel’s process scheduling part, enabling unauthorized native attackers to achieve full system management.
Microsoft launched complete safety updates on June 10, 2025, addressing the flaw throughout all supported Home windows platforms, from legacy Home windows 10 installations to the newest Home windows Server 2025 deployments.
Home windows Process Scheduler Vulnerability
The vulnerability, categorised below Improper Privilege Administration, represents a important flaw in how Home windows Process Scheduler handles permissions for scheduled duties.
In line with Microsoft’s safety bulletin, the assault vector is completely native (AV:L) with low complexity (AC:L), requiring no prior privileges (PR:N) and no person interplay (UI:N).
This mixture makes the vulnerability notably harmful because it offers a direct pathway for privilege escalation as soon as an attacker features preliminary entry to a system.
The CVSS vector string CVSS:3.1 signifies most influence scores for confidentiality, integrity, and availability, all rated as “Excessive.”
The vulnerability permits attackers to take advantage of a permissions dealing with flaw that allows interplay with sure scheduled duties below particular situations, finally resulting in SYSTEM privileges, the best stage of entry in Home windows environments.
Safety researcher Alexander Pudwill is credited with discovering and responsibly disclosing this vulnerability by coordinated disclosure protocols.
Threat FactorsDetailsAffected Merchandise– Home windows 10 (Model 1607/1809/21H2/22H2)- Home windows 11 (22H2/23H2/24H2)- Home windows Server 2016-2025- Server Core installations- ARM64/x64/32-bit architecturesImpactPrivilege escalation to SYSTEM levelExploit Conditions– Native system entry (AV:L)- No prior privileges required (PR:N)- No person interplay wanted (UI:N)- Low assault complexity (AC:L)- Home windows Process Scheduler part interactionCVSS 3.1 Score8.4 (Vital)
Affected Programs and Safety Updates
Microsoft’s safety response covers an intensive vary of Home windows platforms, with safety updates launched concurrently throughout 27 completely different Home windows configurations.
The affected techniques embody Home windows 10 variations from the unique launch (Model 1607) by the present 22H2 launch, all Home windows 11 variations, together with the newest 24H2, and server platforms starting from Home windows Server 2016 to the latest Home windows Server 2025.
Crucial safety replace packages embody KB5061010 for Home windows Server 2016 and Home windows 10 Model 1607 techniques (construct 10.0.14393.8148), KB5060998 for unique Home windows 10 installations (construct 10.0.10240.21034), and KB5060842/KB5060841 for Home windows Server 2025 and Home windows 11 Model 24H2 (builds 10.0.26100.4349/10.0.26100.4270).
Home windows 11 Model 23H2 and 22H2 techniques require KB5060999 (construct 10.0.22631.5472), whereas Home windows 10 Model 22H2 and 21H2 installations want KB5060533 (builds 10.0.19045.5965 and 10.0.19044.5965, respectively).
Organizations ought to prioritize the instant deployment of the June 10, 2025, safety updates throughout all Home windows techniques.
The vulnerability’s “Exploitation Much less Possible” evaluation offers some reassurance, as Microsoft signifies that whereas the vulnerability is technically exploitable, energetic exploitation makes an attempt haven’t been noticed within the wild.
IT directors ought to give attention to techniques with high-value information or these accessible to doubtlessly untrusted customers, because the native assault vector sometimes requires preliminary system entry by different means reminiscent of phishing, bodily entry, or exploitation of different vulnerabilities.
Community segmentation, precept of least privilege implementation, and enhanced monitoring of process scheduler actions can present extra defensive layers whereas updates are being deployed.
Organizations must also assessment their scheduled duties configurations to make sure correct entry controls and decrease potential assault surfaces.
Automate risk response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs throughout all endpoints -> Request full entry
