HIGHCVSS7.8

Actively Exploited

KB5072014: Windows Server Security Update (November 2025)

Microsoft Windows contains a link following vulnerability that allows for privilege escalation

Published Nov 11, 2025 · Updated May 16, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2026-04-27 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Software Vulnerability (CWE-59) (CWE-59) vulnerability in Microsoft Windows. Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

●Windows Administrators

●Systems Engineers

●IT Security

●Running windows 11 24h2: v < 10.0.26100.7392; windows 11 25h2: v < 10.0.26200.7392; windows server 2025: v < 10.0.26100.7392

Fixed inKB5072014, KB5072033 (applies to 6 product versions) — build 10.0.26100.7392, 10.0.26100.7462+

Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2026-04-13 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2026-04-27.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB5072014

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

KB5072014 — https://support.microsoft.com/help/5072014

KB5072033 — https://support.microsoft.com/help/5072033

Supersedes: KB5068861, KB5068966

Affected Products

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 25H2 for ARM64-based Systems

Windows 11 Version 25H2 for x64-based Systems

Windows Server 2025

Windows Server 2025 (Server Core installation)

Fixed Build Numbers

10.0.26100.7392

10.0.26100.7462

10.0.26200.7392

10.0.26200.7462

Installation Methods

Windows Update (recommended)

Settings → Windows Update → Check for updates

The security update is offered if your system is in scope

Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

Open https://catalog.update.microsoft.com

Search for KB5072014

Download the package matching your OS architecture and Windows build

Run the .msu installer with administrator privileges

Restart when prompted

WSUS / SCCM / Intune

Approve KB5072014 for the affected products in your update management console.

Microsoft Download Center Links

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB5072014','KB5072033') }

References

Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710

KB article: https://support.microsoft.com/help/5072014

KB article: https://support.microsoft.com/help/5072033

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-60710

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710

Discovery Credit

@2st___ of Diffract Thanatos Tian of Diffract R4nger with Kunlun Lab Zhiniang Peng with HUST, Filip Dragović, Aobo Wang, Joel Land of CISA Vulnerability Response and Coordination

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2025-60710 ↗ MSRC Advisory ↗ NVD ↗ KBKB5072014