CVE-2024-43492: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Sep

Released

2024-09-10

EPSS Score

0.67% (percentile: 71.4%)

FAQ

How can I find out what version of Teams I am running? Select the three dots (...) at the top right of the Teams window. Select Settings Select About, then Version. The version will be displayed in a ribbon at the top of the Teams application. You can get the latest version from the Settings menu by selecting Check for updates. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.

Affected Products (1)

Microsoft Office

• Microsoft AutoUpdate for Mac

Security Updates (1)

• MAU

Acknowledgments

Anonymous

Revision History

• 2024-09-10: Information published.