Description
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages2 packages
🔴Vulnerability Details
2GHSAGHSA-9f84-fg53-w8q5: Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges local↗2025-09-09 CVEListMicrosoft AutoUpdate (MAU) Elevation of Privilege Vulnerability↗2025-09-09 📋Vendor Advisories
1MicrosoftMicrosoft AutoUpdate (MAU) Elevation of Privilege Vulnerability↗2025-09-09