Platform
macos
Component
microsoft-autoupdate
Fixed in
4.78
CVE-2025-29800 describes a privilege escalation vulnerability within Microsoft AutoUpdate (MAU) for macOS. This flaw allows an authenticated attacker to elevate their privileges locally, potentially gaining control over the system. The vulnerability impacts versions 4.0.0 through 4.78, and a patch is available in version 4.78.
Successful exploitation of CVE-2025-29800 allows an attacker who already has some level of access to a macOS system to escalate their privileges to a higher level, most likely local administrator. This grants them the ability to install software, modify system settings, access sensitive data, and potentially compromise the entire system. The impact is particularly severe because MAU is a widely used component for updating Microsoft software, increasing the potential attack surface. While the vulnerability requires authentication, the ease of privilege escalation once authentication is achieved makes it a significant risk.
CVE-2025-29800 was publicly disclosed on April 8, 2025. As of this date, no public proof-of-concept (PoC) code has been released. The EPSS score is pending evaluation, but given the nature of privilege escalation vulnerabilities and the widespread use of MAU, it is likely to be assessed as medium to high probability. It is not currently listed on the CISA KEV catalog.
Organizations and individuals using Microsoft software on macOS are at risk, particularly those with legacy configurations or limited access controls. Shared hosting environments where multiple users share the same macOS system are also at increased risk, as a compromised user account could potentially be leveraged to escalate privileges.
• macos: Monitor system logs (Console.app) for unusual processes or activity related to Microsoft AutoUpdate. Use Get-Process in PowerShell to check for unexpected MAU processes running with elevated privileges.
  Get-Process -Name AutoUpdate -ErrorAction SilentlyContinue | Select-Object ProcessName, Id, StartTime
• macos: Utilize macOS's built-in Activity Monitor to observe MAU's resource usage and parent processes. Look for unexpected parent processes or excessive resource consumption.
• macos: Check for unauthorized modifications to MAU's installation directory or related files using file integrity monitoring tools.
disclosure
Exploit status
EPSS
0.52% (67th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-29800 is to upgrade Microsoft AutoUpdate to version 4.78 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing stricter access controls and monitoring MAU processes for suspicious activity. While a direct workaround is unavailable, restricting user privileges and employing robust endpoint detection and response (EDR) solutions can help detect and prevent exploitation attempts. After upgrading, confirm the update by verifying the MAU version through the Microsoft Update settings in System Preferences.
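One way to confirm the upgrade across several Macs, as an added example that is not part of the original advisory or Microsoft's tooling: it flags any MAU version below the "Fixed in" value 4.78, comparing dotted components as integers so that 4.8 is correctly treated as older than 4.78. The install path, the CFBundleShortVersionString key, the function names and the sample inventory are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: flag Microsoft AutoUpdate versions older than the fixed release.
FIXED_VERSION="4.78"   # "Fixed in" value stated on this page
# Assumption: default MAU install location; adjust for your fleet.
MAU_APP="/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app"

# version_lt A B: succeeds when dotted version A is older than B.
# Components are compared as integers, so 4.8 sorts before 4.78.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        # Drop the component just read; empty when none are left.
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        x="${x:-0}"; y="${y:-0}"   # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}
# mau_status VERSION: prints needs-update, ok, or unknown (malformed input).
mau_status() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then echo "needs-update"; else echo "ok"; fi
}
# audit_inventory: reads "host version" lines on stdin, appends the status.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        echo "$host $ver $(mau_status "$ver")"
    done
}
# Constructed sample inventory (host, reported MAU version); not real data.
sample_inventory() {
    printf '%s\n' "mac-01 4.8" "mac-02 4.77.1" "mac-03 4.78" "mac-04 4.79.1" "mac-05 beta"
}
# installed_mau_version: prints the local bundle version, or nothing if MAU is absent.
installed_mau_version() {
    [ -d "$MAU_APP" ] && defaults read "$MAU_APP/Contents/Info" CFBundleShortVersionString 2>/dev/null
    return 0
}
sample_inventory | audit_inventory
v="$(installed_mau_version)"
if [ -n "$v" ]; then echo "local $v $(mau_status "$v")"; fi
```

Replace `sample_inventory` with the output of your own inventory tool to audit real hosts; an `unknown` status means the reported version string could not be parsed and should be checked by hand.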
Upgrade Microsoft AutoUpdate to version 4.78 or later. The update can be performed through the Microsoft AutoUpdate application itself or by downloading the latest version from the Microsoft website. This fixes the elevation-of-privilege vulnerability.
CVE-2025-29800 is a privilege escalation vulnerability affecting Microsoft AutoUpdate (MAU) on macOS, allowing an authenticated attacker to gain local administrator privileges.
You are affected if you are running Microsoft AutoUpdate on macOS versions 4.0.0 through 4.78. Check your version and upgrade accordingly.
Upgrade Microsoft AutoUpdate to version 4.78 or later to resolve the vulnerability. This is the primary and recommended mitigation.
As of April 8, 2025, there are no confirmed reports of active exploitation, but the vulnerability's nature warrants caution.
Refer to the official Microsoft Security Update Guide for CVE-2025-29800: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29800](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29800)