Forum Discussion

OrestisO's avatar
OrestisO
Copper Contributor
Jun 23, 2022

Microsoft Windows Codecs Library Vulnerability showing up on scan, even after updating the apps.

Hello Tech Community,

 

I hope I'm posting this in the right place. I need help with some vulnerability issues. This is happening for a few things, and I'm at a loss as to what to do next. This example is the Qualys QID 91866 Microsoft Windows Codecs Library HEVC Video and VP9 Extensions Remote Code Execution (RCE) Vulnerability for February 2022.

I have updated all the relevant codecs, checked their current versions in PowerShell and confirmed with the CVE that they are up to date, but the VM keeps retrieving this in its scan. The only place I can find older version remnants is the registry, and I don't particularly want to go in and remove a bunch of keys. I'm also not able uninstall the codecs or the other apps this issue keeps happening on. 

 

In this case, the scan shows 

Microsoft vulnerable Microsoft.VP9VideoExtensions detected 
Version     '1.0.13333.0' 

 Installed version is 1.0.42351.0 . 

 

This is also happening with the Office App and Photos App. Any ideas as to how best to remediate?

 

Thanks for the help!

 

-OrestisO

 

  • Kurt Carpenter's avatar
    Kurt Carpenter
    Copper Contributor

    OrestisO 

     

    Did you ever find a fix for this?  We have the same issue and even removed the old version only to find out it still shows as vulnerable.  It might be picking it up in user profiles which makes it more difficult to remove.

    • arneb3's avatar
      arneb3
      Copper Contributor

      Kurt Carpenter Ditto.  Looks like a reference to the old version is lingering in wmi, which is our problem since the detection logic in our case is querying wmi.  I'm waiting on a fix from MS.  More broadly, we can't update raw image file, VP9, HEIF, extensions... since we don't use MS Store. 

      • QulaysUser's avatar
        QulaysUser
        Copper Contributor

        arneb3 did you ever get a solution to this? Our Qualys scans are still bringing up Windows Store Apps (eg codecs) that we can't update. Is there a way to remove them from WMI?

    • OrestisO's avatar
      OrestisO
      Copper Contributor

      Hi Kurt Carpenter , what worked for me was to completely uninstall the package using Powershell and then reinstall it from Microsoft Store. I don't need the app, but that solved the problem. The same thing happened with a variety of other codecs. I don't think the uninstall from Programs and Features is a completely clean one, so Powershell was the way to go. Unfortunately, in all my cases there was only a single profile per machine so I don't know if it's installed in each user profile. 

       

      What might be an easier way to deal with this is winget. This page has a good breakdown on how to use it, whether for targeted apps or just an overall update. 

       

      https://pureinfotech.com/update-apps-winget-windows-11/

       

      I hope this helps!

Resources