CVE-2021-33776

7.8 HIGH

📋 TL;DR

CVE-2021-33776 is a remote code execution vulnerability in Microsoft's HEVC Video Extensions that allows attackers to execute arbitrary code by tricking users into opening specially crafted media files. This affects Windows systems with the HEVC Video Extensions installed, typically through the Microsoft Store. Users who open malicious video files are at risk of complete system compromise.

💻 Affected Systems

Products:
  • HEVC Video Extensions from Microsoft Store
Versions: Versions prior to 1.0.32763.0
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where HEVC Video Extensions are installed from Microsoft Store. Not installed by default but commonly added for HEVC video playback support.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to malware installation, credential theft, or lateral movement within the network.

🟢 If Mitigated

Limited impact with proper application whitelisting and user education preventing malicious file execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but common attack vectors like phishing emails make exploitation plausible.
🏢 Internal Only: MEDIUM - Internal users could be targeted via internal phishing or file shares, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious media file. No publicly available exploit code as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HEVC Video Extensions version 1.0.32763.0 or later

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33776

Restart Required: No

Instructions:

1. Open Microsoft Store.
2. Click on 'Library' in bottom left.
3. Click 'Get updates' to update all apps.
4. Alternatively, search for 'HEVC Video Extensions' and update manually.
5. Verify version is 1.0.32763.0 or higher.

🔧 Temporary Workarounds

Uninstall HEVC Video Extensions

windows

Remove the vulnerable component entirely if HEVC playback is not required

Start > Settings > Apps > Apps & features > Search 'HEVC' > Select 'HEVC Video Extensions' > Uninstall

Disable automatic media file handling

windows

Configure Windows to prompt before opening media files

Control Panel > Default Programs > Set Associations > Change .mp4/.hevc/etc to open with different program or prompt

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized media players
  • Educate users about risks of opening media files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check HEVC Video Extensions version in Microsoft Store or Apps & Features. Versions below 1.0.32763.0 are vulnerable.

Check Version:

Get-AppxPackage -Name Microsoft.HEVCVideoExtension* | Select-Object Version

Verify Fix Applied:

Confirm HEVC Video Extensions version is 1.0.32763.0 or higher in Microsoft Store or Apps & Features.
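
The version check above can be turned into a pass/fail audit for fleet use. The script below is an added example, not taken from the vendor advisory: it reuses the package name pattern and the fixed version 1.0.32763.0 from this page, and the function names and exit-code convention are assumptions chosen for illustration.

```powershell
# Added example: audit every installed HEVC Video Extensions package against the
# fixed version given on this page (1.0.32763.0).
$FixedVersion = [version]'1.0.32763.0'
$NamePattern  = 'Microsoft.HEVCVideoExtension*'   # same pattern as the check above

function Test-HevcPackageVersion {
    param(
        [Parameter(Mandatory)] [string] $Version,
        [version] $Minimum = $FixedVersion
    )
    # [version] compares component by component, so 1.0.4000.0 < 1.0.32763.0,
    # which a plain string comparison would get wrong.
    return ([version]$Version -ge $Minimum)
}

function Get-HevcPatchStatus {
    # -AllUsers needs an elevated session; fall back to the current user otherwise.
    try   { $packages = Get-AppxPackage -AllUsers -Name $NamePattern -ErrorAction Stop }
    catch { $packages = Get-AppxPackage -Name $NamePattern }

    # Several copies can coexist (per user, per architecture); report each one.
    foreach ($pkg in $packages) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $pkg.Name
            Version  = $pkg.Version
            Arch     = $pkg.Architecture
            Patched  = Test-HevcPackageVersion -Version $pkg.Version
        }
    }
}

$results = @(Get-HevcPatchStatus)
if ($results.Count -eq 0) {
    Write-Output 'HEVC Video Extensions not installed: not affected.'
    exit 0
}
$results | Format-Table -AutoSize
$vulnerable = @($results | Where-Object { -not $_.Patched })
# Non-zero exit code lets a management tool flag the host (assumed convention).
if ($vulnerable.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it from an elevated PowerShell session to cover packages installed under other user profiles.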

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing HEVC Video Extensions crashes
  • Application logs showing unexpected media player executions

Network Indicators:

  • Outbound connections from media players to unexpected destinations
  • DNS queries for suspicious domains after media file opening

SIEM Query:

EventID=1000 AND Source='Application Error' AND (ProcessName contains 'HEVC' OR ProcessName contains 'VideoExtension')
