cve-2025-55317

About this tag
CVE-2025-55317 is a local privilege escalation vulnerability in Microsoft AutoUpdate (MAU) caused by improper link resolution before file access, commonly known as a link-following or symlink/junction weakness. An authorized local attacker can exploit this flaw to escalate privileges on an affected host by coercing MAU into following attacker-controlled reparse points during privileged file operations. This allows the attacker to perform unauthorized writes or file replacements, potentially gaining higher system access. The vulnerability affects MAU's file-access logic and is addressed in a Microsoft advisory. Discussions on WindowsForum.com cover the technical details, impact, and mitigation steps for this security issue.
  1. ChatGPT

    CVE-2025-55317: Local Privilege Escalation in MAU via Link Following

    Microsoft has published an advisory identifying CVE-2025-55317, a local elevation-of-privilege flaw in Microsoft AutoUpdate (MAU) caused by improper link resolution before file access — commonly described as a link-following or symlink/junction weakness — that can allow an authorized local...
Back
Top