Platform
macos
Component
microsoft-autoupdate
Fixed version
4.78
CVE-2025-29800 describes a privilege escalation vulnerability within Microsoft AutoUpdate (MAU) for macOS. This flaw allows an authenticated attacker to elevate their privileges locally, potentially gaining control over the system. The vulnerability impacts versions 4.0.0 through 4.78, and a patch is available in version 4.78.
Successful exploitation of CVE-2025-29800 allows an attacker who already has some level of access to a macOS system to escalate their privileges to a higher level, most likely local administrator. This grants them the ability to install software, modify system settings, access sensitive data, and potentially compromise the entire system. The impact is particularly severe because MAU is a widely used component for updating Microsoft software, increasing the potential attack surface. While the vulnerability requires authentication, the ease of privilege escalation once authentication is achieved makes it a significant risk.
CVE-2025-29800 was publicly disclosed on April 8, 2025. As of this date, no public proof-of-concept (PoC) code has been released. The EPSS score is pending evaluation, but given the nature of privilege escalation vulnerabilities and the widespread use of MAU, it is likely to be assessed as medium to high probability. It is not currently listed on the CISA KEV catalog.
Organizations and individuals using Microsoft software on macOS are at risk, particularly those with legacy configurations or limited access controls. Shared hosting environments where multiple users share the same macOS system are also at increased risk, as a compromised user account could potentially be leveraged to escalate privileges.
• macos: Monitor system logs (Console.app) for unusual processes or activity related to Microsoft AutoUpdate. Use Get-Process in PowerShell to check for unexpected MAU processes running with elevated privileges.
Get-Process -Name AutoUpdate -ErrorAction SilentlyContinue | Select-Object ProcessName, Id, StartTime
• macos: Utilize macOS's built-in Activity Monitor to observe MAU's resource usage and parent processes. Look for unexpected parent processes or excessive resource consumption.
• macos: Check for unauthorized modifications to MAU's installation directory or related files using file integrity monitoring tools.
disclosure
Exploit status
EPSS
0.52% (67th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-29800 is to upgrade Microsoft AutoUpdate to version 4.78 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing stricter access controls and monitoring MAU processes for suspicious activity. While a direct workaround is unavailable, restricting user privileges and employing robust endpoint detection and response (EDR) solutions can help detect and prevent exploitation attempts. After upgrading, confirm the update by verifying the MAU version through the Microsoft Update settings in System Preferences.
Upgrade Microsoft AutoUpdate to version 4.78 or later. The update can be performed through the Microsoft AutoUpdate application itself or by downloading the latest version from the Microsoft website. This fixes the elevation of privilege vulnerability.
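To check a fleet against the fixed version given above, the following shell script flags hosts whose Microsoft AutoUpdate version is below 4.78. It is an added example, not code from Microsoft or from the original page. The inventory lines are constructed, and the Info.plist path passed to `local_mau_version` is an assumption the reader supplies.

```shell
#!/bin/sh
FIXED_VERSION="4.78"   # fixed version stated on this page

# version_lt A B: succeed if dotted version A is numerically lower than B.
# Components are compared as integers, so 4.9 < 4.78 and 4.78 < 4.100;
# a plain string comparison gets both of those wrong.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# mau_status VERSION: print vulnerable, patched, or unknown (unparseable input).
mau_status() {
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then echo "vulnerable"; else echo "patched"; fi
}

# local_mau_version PLIST: read the bundle version on a Mac (macOS only).
# PLIST is the path to the MAU app's Info.plist, supplied by the caller.
local_mau_version() {
    defaults read "$1" CFBundleShortVersionString 2>/dev/null
}

# audit_inventory: read "host version" lines on stdin, print hosts needing action.
audit_inventory() {
    while read -r host version; do
        [ -z "$host" ] && continue
        status=$(mau_status "$version")
        [ "$status" = "patched" ] || printf '%s %s %s\n' "$host" "${version:-none}" "$status"
    done
}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY='mac-01 4.77
mac-02 4.78
mac-03 4.9
mac-04 4.78.1
mac-05 unknown-build'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.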
CVE-2025-29800 is a privilege escalation vulnerability affecting Microsoft AutoUpdate (MAU) on macOS, allowing an authenticated attacker to gain local administrator privileges.
You are affected if you are running Microsoft AutoUpdate on macOS versions 4.0.0 through 4.78. Check your version and upgrade accordingly.
Upgrade Microsoft AutoUpdate to version 4.78 or later to resolve the vulnerability. This is the primary and recommended mitigation.
As of April 8, 2025, there are no confirmed reports of active exploitation, but the vulnerability's nature warrants caution.
Refer to the official Microsoft Security Update Guide for CVE-2025-29800: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29800](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29800)