vulnerability
CVE-2018-8412: Microsoft (MAU) Office Elevation of Privilege Vulnerability [Microsoft AutoUpdate]
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Aug 14, 2018 | Aug 14, 2018 | Aug 13, 2019 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 14, 2018
Added
Aug 14, 2018
Modified
Aug 13, 2019
Description
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges.
To exploit the vulnerability, the attacker could place a crafted executable in a specific location used by the update application to execute arbitrary code in a privileged context.
This update addresses the vulnerability by ensuring that MAU for Mac properly validates packages prior to installing them.
Solution
microsoft-autoupdate-upgrade-4_2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.