PatchSiren

CVE-2022-24451 Microsoft CVE debrief

CVE-2022-24451 is a High-severity remote code execution vulnerability in Microsoft VP9 Video Extensions. Based on the NVD record, affected versions are those before 1.0.42791.0. The published CVSS vector indicates an attack that is local, requires user interaction, and can lead to high impact on confidentiality, integrity, and availability.

Vendor: Microsoft
Product: VP9 Video Extensions
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-03-09
Original CVE updated: 2024-11-21
Advisory published: 2022-03-09
Advisory updated: 2024-11-21

Who should care

Organizations that have Microsoft VP9 Video Extensions installed on managed endpoints, especially systems that open or process untrusted media content. Endpoint, patch-management, and Windows application owners should verify whether any affected version remains deployed.

Technical summary

NVD maps this issue to Microsoft VP9 Video Extensions and rates it CVSS 3.1 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerable CPE scope in the supplied record is versions earlier than 1.0.42791.0. The record also links to Microsoft’s MSRC advisory for the same CVE. NVD does not provide a CWE detail beyond NVD-CWE-noinfo in the supplied data.

Defensive priority

High priority for affected endpoints. It is not marked as a Known Exploited Vulnerability in the supplied enrichment, but the impact is severe enough to warrant timely remediation on any system with the affected extension installed.

Recommended defensive actions

  • Inventory systems for Microsoft VP9 Video Extensions and identify any installations earlier than 1.0.42791.0.
  • Apply Microsoft’s remediation guidance from the MSRC advisory for CVE-2022-24451.
  • Confirm the updated version is present after remediation and remove or replace any stale vulnerable installations.
  • Prioritize patching on endpoints that routinely open untrusted media or receive files from external sources.
  • Monitor for unusual crashes or application behavior in media-processing paths while remediation is underway.
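
A local check for the inventory and post-remediation confirmation steps above, as an added example that is not part of the original debrief or of Microsoft's guidance. It assumes the extension is installed as the Store (AppX) package Microsoft.VP9VideoExtensions; that package name and the helper Test-Vp9Vulnerable are assumptions, not values from the NVD record.

```powershell
# Added example: per-endpoint inventory check for CVE-2022-24451.
# Assumption: the extension is installed as the AppX package below;
# change $PackageName if your software inventory reports a different name.
$PackageName  = 'Microsoft.VP9VideoExtensions'
# First non-vulnerable version (versionEndExcluding in the NVD record).
$FixedVersion = [version]'1.0.42791.0'

function Test-Vp9Vulnerable {
    param([Parameter(Mandatory)][string]$Version)
    # [version] compares each of the four fields numerically, so
    # 1.0.9999.0 sorts below 1.0.42791.0; a string comparison would not.
    return ([version]$Version) -lt $FixedVersion
}

# -AllUsers requires an elevated session. Without it only the current
# user's packages are listed and stale per-user installs are missed.
$installed = @(Get-AppxPackage -AllUsers -Name $PackageName -ErrorAction SilentlyContinue)

if ($installed.Count -eq 0) {
    '{0}: {1} is not installed' -f $env:COMPUTERNAME, $PackageName
}
else {
    # One row per installed package (several architectures or versions
    # can coexist), so a patched copy does not hide a stale one.
    $installed | ForEach-Object {
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Package      = $_.PackageFullName
            Architecture = $_.Architecture
            Version      = $_.Version
            Vulnerable   = Test-Vp9Vulnerable -Version $_.Version
        }
    } | Sort-Object Vulnerable -Descending | Format-Table -AutoSize
}
```

Run it again after remediation: every row should show Vulnerable as False, and any row still True is a stale installation to remove or update.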

Evidence notes

All statements are grounded in the supplied NVD-derived fields and the official Microsoft MSRC advisory link. The supplied record shows publishedAt 2022-03-09T17:15:13.210Z and modifiedAt 2024-11-21T06:50:26.880Z. The vulnerability scope is listed as cpe:2.3:a:microsoft:vp9_video_extensions:* with versionEndExcluding 1.0.42791.0, and the CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Official resources

The official record shows this CVE as published on 2022-03-09 and later modified on 2024-11-21. The supplied enrichment does not mark this issue as a Known Exploited Vulnerability.