CVE-2021-41360

7.8 HIGH

📋 TL;DR

CVE-2021-41360 is a remote code execution vulnerability in Microsoft's HEVC Video Extensions that allows attackers to execute arbitrary code by tricking users into opening specially crafted media files. This affects Windows systems with the HEVC Video Extensions installed, potentially allowing attackers to gain control of affected systems.

💻 Affected Systems

Products:
  • Microsoft HEVC Video Extensions
Versions: All versions prior to the security update
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the HEVC codec handling within the Video Extensions framework. Systems without HEVC Video Extensions installed are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining SYSTEM-level privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to malware installation, credential theft, or lateral movement within the network.

🟢 If Mitigated

Limited impact due to application sandboxing or restricted user permissions, potentially only causing application crashes.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via email, web downloads, or messaging apps.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared network drives containing malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious media file. No public exploit code was available at the time of disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HEVC Video Extensions version with November 2021 security updates

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41360

Restart Required: No

Instructions:

1. Open Microsoft Store.
2. Search for 'HEVC Video Extensions'.
3. Click 'Get Updates' or check for updates.
4. Install available updates.
5. Alternatively, install Windows Update KB5007186 (November 2021 cumulative update).

🔧 Temporary Workarounds

Disable HEVC Video Extensions

windows

Temporarily disable or uninstall the HEVC Video Extensions to prevent exploitation

Settings > Apps > Apps & features > HEVC Video Extensions > Uninstall

Restrict media file execution

windows

Configure Group Policy to restrict execution of media files from untrusted sources

gpedit.msc > Computer Configuration > Administrative Templates > Windows Components > Attachment Manager

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized media players
  • Deploy email/web filtering to block suspicious media file attachments

🔍 How to Verify

Check if Vulnerable:

Check HEVC Video Extensions version in Microsoft Store or via PowerShell: Get-AppxPackage -Name Microsoft.HEVCVideoExtension*

Check Version:

Get-AppxPackage -Name Microsoft.HEVCVideoExtension* | Select-Object Version

Verify Fix Applied:

Verify HEVC Video Extensions version is updated to November 2021 or later release
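
The version check above can be scripted so that every installed HEVC package is compared against the fixed version. This is an added example, not vendor code; the page does not state the fixed version number, so the script takes it as a mandatory parameter (MinimumFixedVersion, a hypothetical name) to be filled in from the vendor advisory.

```powershell
# Added example (not vendor code): report HEVC Video Extensions packages that
# are older than the fixed version. The fixed version is NOT given on this page;
# pass the value from the vendor advisory as -MinimumFixedVersion (assumption).
param(
    [Parameter(Mandatory)]
    [version]$MinimumFixedVersion
)

# Enumerating packages for all users requires elevation; otherwise only the
# current user's packages are visible.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$packages = if ($isAdmin) {
    Get-AppxPackage -AllUsers -Name 'Microsoft.HEVCVideoExtension*'
} else {
    Write-Warning 'Not elevated: checking the current user only.'
    Get-AppxPackage -Name 'Microsoft.HEVCVideoExtension*'
}

if (-not $packages) {
    # Systems without the extension installed are not affected.
    Write-Output 'HEVC Video Extensions not installed: not affected.'
    return
}

$results = foreach ($pkg in $packages) {
    $installed = [version]$pkg.Version
    [pscustomobject]@{
        Name         = $pkg.Name
        Architecture = $pkg.Architecture
        Version      = $installed
        Status       = if ($installed -ge $MinimumFixedVersion) { 'Patched' } else { 'VULNERABLE' }
    }
}

$results | Sort-Object Name, Architecture | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag the host.
if ($results.Status -contains 'VULNERABLE') { exit 1 }
```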

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in HEVCVideoExtension.exe
  • Windows Error Reporting events related to HEVC codec
  • Unexpected process creation from media player applications

Network Indicators:

  • Unusual outbound connections from media player processes
  • Downloads of suspicious media files

SIEM Query:

(EventID=1000 OR EventID=1001) AND SourceName='Application Error' AND ProcessName='HEVCVideoExtension.exe'
