CVE-2021-24089

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through malicious HEVC video files in Microsoft's HEVC Video Extensions. Attackers can exploit this by tricking users into opening specially crafted video files, potentially compromising affected Windows systems.

💻 Affected Systems

Products:
  • Microsoft HEVC Video Extensions
Versions: Versions prior to 1.0.32763.0
Operating Systems: Windows 10, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with HEVC Video Extensions installed from Microsoft Store. Not installed by default on all systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with attacker gaining SYSTEM privileges and persistent access to the victim's machine.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive data and system resources.

🟢 If Mitigated: Limited impact with proper patch management and user education preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious video file. No known public exploits as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HEVC Video Extensions version 1.0.32763.0 or later

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089

Restart Required: No

Instructions:

1. Open Microsoft Store
2. Search for 'HEVC Video Extensions'
3. Click 'Update' if available
4. Alternatively, uninstall and reinstall to get latest version

🔧 Temporary Workarounds

Uninstall HEVC Video Extensions

windows

Remove the vulnerable component entirely

Get-AppxPackage *HEVCVideoExtension* | Remove-AppxPackage

Disable automatic codec processing

windows

Prevent automatic processing of HEVC video files

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of HEVC Video Extensions
  • Educate users about risks of opening untrusted video files and implement email filtering for video attachments

🔍 How to Verify

Check if Vulnerable:

Check HEVC Video Extensions version in Microsoft Store or via PowerShell: Get-AppxPackage *HEVCVideoExtension* | Select Version

Check Version:

Get-AppxPackage *HEVCVideoExtension* | Select Name, Version

Verify Fix Applied:

Confirm version is 1.0.32763.0 or higher using same command
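
The check above, as an added PowerShell example (not from the vendor advisory) that compares every installed copy against the fixed version 1.0.32763.0 stated on this page. The function name `Test-HevcPackage` and the exit-code convention are assumptions made for illustration; `-AllUsers` needs an elevated session.

```powershell
# Added example: audit HEVC Video Extensions against the fixed version on this page.
# Run elevated so -AllUsers can enumerate packages installed for other accounts.
$FixedVersion = [version]'1.0.32763.0'   # patch version stated in this advisory

# Hypothetical helper: classify one package entry as vulnerable or fixed.
function Test-HevcPackage {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Version
    )
    # Cast to [version] so the comparison is numeric per component, not textual
    # (compared as strings, '1.0.4000.0' would sort above '1.0.32763.0').
    $installed = [version]$Version
    [pscustomobject]@{
        Name       = $Name
        Version    = $installed
        Fixed      = $FixedVersion
        Vulnerable = $installed -lt $FixedVersion
    }
}

# Same wildcard the page uses; several entries can come back (per user, per architecture).
$packages = Get-AppxPackage -AllUsers -Name '*HEVCVideoExtension*'
if (-not $packages) {
    Write-Output 'HEVC Video Extensions not installed: not affected.'
    return
}

$results = $packages | ForEach-Object { Test-HevcPackage -Name $_.Name -Version $_.Version }
$results | Format-Table -AutoSize

# Non-zero exit lets fleet tooling flag hosts that still carry a vulnerable copy.
if ($results.Vulnerable -contains $true) { exit 1 }
```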

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of HEVCVideoExtension.exe
  • Unusual process creation from video player applications

Network Indicators:

  • Downloads of HEVC video files from untrusted sources

SIEM Query:

EventID=1000 AND Source='Application Error' AND ProcessName='HEVCVideoExtension.exe'
