vulnerability
CVE-2020-0984: Microsoft (MAU) Office Elevation of Privilege Vulnerability [Microsoft AutoUpdate]
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Apr 14, 2020 | Apr 14, 2020 | Apr 13, 2021 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 14, 2020
Added
Apr 14, 2020
Modified
Apr 13, 2021
Description
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges.
To exploit the vulnerability, the attacker could place a crafted executable in a specific location used by the update application to execute arbitrary code in a privileged context.
This update addresses the vulnerability by ensuring that MAU for Mac properly validates packages prior to installing them.
Solution
microsoft-autoupdate-upgrade-4_22
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.