Microsoft Windows Codecs Library Vulnerability showing up on scan, even after updating the apps.


Hello Tech Community,


I hope I'm posting this in the right place. I need help with some vulnerability issues. This is happening for a few things, and I'm at a loss as to what to do next. This example is the Qualys QID 91866 Microsoft Windows Codecs Library HEVC Video and VP9 Extensions Remote Code Execution (RCE) Vulnerability for February 2022.

I have updated all the relevant codecs, checked their current versions in PowerShell and confirmed with the CVE that they are up to date, but the VM keeps retrieving this in its scan. The only place I can find older version remnants is the registry, and I don't particularly want to go in and remove a bunch of keys. I'm also not able uninstall the codecs or the other apps this issue keeps happening on. 


In this case, the scan shows 

Microsoft vulnerable Microsoft.VP9VideoExtensions detected 
Version     '1.0.13333.0' 

 Installed version is 1.0.42351.0 . 


This is also happening with the Office App and Photos App. Any ideas as to how best to remediate?


Thanks for the help!




0 Replies