Important 2018-08 archive

Executive Summary

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges. To exploit the vulnerability, the attacker could place a crafted executable in a specific location used by the update application to execute arbitrary code in a privileged context. This update addresses the vulnerability by ensuring that MAU for Mac properly validates packages prior to installing them.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released Aug 14 2018
Last Updated Aug 14 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

1 affected product
Product KB Article Severity Impact Restart Required
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Elevation of Privilege No

Patches

1 patch
Article Type Restart
Release Notes Security Update No

Known Exploits

Acknowledgments

CodeColorist from AntFinancial LightYear Security Lab