CVE-2022-24453

7.8 HIGH

📋 TL;DR

CVE-2022-24453 is a remote code execution vulnerability in Microsoft's HEVC Video Extensions that allows attackers to execute arbitrary code by tricking users into opening specially crafted video files. This affects Windows systems with the HEVC Video Extensions installed, potentially allowing attackers to gain control of affected systems.

💻 Affected Systems

Products:
  • Microsoft HEVC Video Extensions
Versions: Versions prior to the February 2022 security update
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires HEVC Video Extensions to be installed, which is not included by default but commonly installed for video playback support.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining SYSTEM-level privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local user account compromise leading to data exfiltration, credential theft, and lateral movement within the network.

🟢 If Mitigated

Limited impact with proper application control policies and user education preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction: the victim must open a malicious video file. No public exploit code has been disclosed as of this writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HEVC Video Extensions version 1.0.50361.0 or later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24453

Restart Required: No

Instructions:

1. Open Microsoft Store
2. Search for 'HEVC Video Extensions'
3. Click 'Get Updates' or install the latest version
4. Alternatively, apply Windows Update KB5010415 (February 2022 cumulative update)

🔧 Temporary Workarounds

Disable HEVC Video Extensions

windows

Uninstall or disable the vulnerable HEVC Video Extensions component

Get-AppxPackage *HEVCVideoExtension* | Remove-AppxPackage

Application Control Policy

windows

Implement application control policies to block execution of HEVC Video Extensions

🧯 If You Can't Patch

  • Implement strict user education about opening untrusted video files
  • Deploy endpoint detection and response (EDR) solutions to detect malicious video file execution

🔍 How to Verify

Check if Vulnerable:

Check HEVC Video Extensions version in Microsoft Store or via PowerShell: Get-AppxPackage *HEVCVideoExtension* | Select Version

Check Version:

Get-AppxPackage *HEVCVideoExtension* | Select Name, Version

Verify Fix Applied:

Verify HEVC Video Extensions version is 1.0.50361.0 or later
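
The version check above, automated as an added example (not part of the vendor advisory or of this page's original text). It compares every installed HEVC Video Extensions package against the fixed version stated on this page; the helper name Test-HevcPackage is hypothetical.

```powershell
# Added example: audit installed HEVC Video Extensions packages against the
# fixed version given on this page (1.0.50361.0).
$FixedVersion = [version]'1.0.50361.0'

function Test-HevcPackage {
    # Hypothetical helper: accepts any object exposing Name, Version and
    # PackageFullName, such as the output of Get-AppxPackage.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Package
    )
    process {
        # Cast to [version] so the comparison is numeric per component,
        # not a string comparison.
        $installed = [version]$Package.Version
        [pscustomobject]@{
            Name            = $Package.Name
            Version         = $installed
            Patched         = ($installed -ge $FixedVersion)
            PackageFullName = $Package.PackageFullName
        }
    }
}

# -AllUsers requires an elevated session; otherwise only the current
# user's packages are visible.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$packages = if ($isAdmin) {
    Get-AppxPackage -AllUsers -Name '*HEVCVideoExtension*'
} else {
    Write-Warning 'Not elevated: checking the current user only.'
    Get-AppxPackage -Name '*HEVCVideoExtension*'
}

if (-not $packages) {
    Write-Output 'HEVC Video Extensions is not installed in the checked scope.'
} else {
    # More than one package can be present (per architecture or per user).
    $results = @($packages | Test-HevcPackage)
    $results | Format-Table Name, Version, Patched -AutoSize
    $unpatched = @($results | Where-Object { -not $_.Patched })
    if ($unpatched.Count -gt 0) {
        Write-Warning "$($unpatched.Count) package(s) below $FixedVersion."
    }
}
```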

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing HEVC Video Extensions crashes
  • Application errors related to hevcdecoderstore.dll

Network Indicators:

  • Unusual outbound connections following video file execution
  • Suspicious file downloads with video extensions

SIEM Query:

EventID=1000 AND Source='Application Error' AND (ProcessName LIKE '%HEVC%' OR FaultModuleName LIKE '%hevc%')
