Microsoft Windows Link Following Vulnerability
Microsoft Windows contains a link following vulnerability that allows for privilege escalation
Quick answer
Microsoft Windows should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- Review vendor advisory for affected versions.
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Treat CVE-2025-60710 as an actively exploited Microsoft Windows privilege escalation risk. The record identifies a link-following weakness, so the main remediation is to apply the Microsoft Security Update Guide fix through the correct Windows cumulative security update for each affected branch. Prioritize workstations and servers used by administrators, RDP users, service accounts, and systems with recent malware or suspicious local activity. If a device cannot be patched, isolate it or apply compensating controls until it can be retired or rebuilt.
- Inventory Windows clients and servers, including administrator workstations, RDP hosts, jump boxes, domain controllers, and application servers.
- Check each system against the Microsoft Security Update Guide entry for CVE-2025-60710 and its installed cumulative update level.
- Deploy the applicable Windows cumulative security update through Windows Update, WSUS, Intune, SCCM, or the approved endpoint management workflow.
- Prioritize devices with privileged users, remote access exposure, shared file paths, or recent endpoint security alerts.
- Restrict local administrator rights, writable system paths, and untrusted shared directories while patching is in progress.
- Review EDR and Windows event logs for suspicious symlink, junction, hard-link, service creation, scheduled task, or privilege escalation activity.
- Rotate credentials and investigate lateral movement if exploitation or post-exploitation activity is suspected.
- Retire or isolate unsupported Windows versions that cannot receive the Microsoft security update.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm each Windows host shows the Microsoft cumulative update or later update that includes the CVE-2025-60710 fix.
- Confirm WSUS, Intune, SCCM, Defender for Endpoint, or vulnerability management data no longer flags CVE-2025-60710.
- Confirm no critical Windows security updates remain pending for the affected OS branch.
- Review post-patch endpoint logs for continued local privilege escalation attempts or suspicious link-following behavior.
- Run a Fixnx scan against public Windows-hosted services to understand external exposure after remediation.
Related categories
Trusted references
FAQ
What is affected by CVE-2025-60710?
Microsoft Windows should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
