#Microsoft Windows Codecs Library

**How could this vulnerability affect my system** A crafted image file could cause a crash in Explorer during browsing of the directory containing the file. **How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **1.0.43421.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **1.0.43422.0** and later contain this update. You can ch...

**How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **2.0.23022.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **2.0.23022.0** and later contain this update. You can check the package version in PowerShell: `Get-AppxPackage -Name Microsoft.HEVCVideoExtension*`

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

**How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **2.0.23022.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **2.0.23022.0** and later contain this update. You can check the package version in PowerShell: `Get-AppxPackage -Name Microsoft.HEVCVideoExtension*`

**How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **2.0.23022.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **2.0.23022.0** and later contain this update. You can check the package version in PowerShell: `Get-AppxPackage -Name Microsoft.HEVCVideoExtension*`

**How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **2.0.23022.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **2.0.23022.0** and later contain this update. You can check the package version in PowerShell: `Get-AppxPackage -Name Microsoft.HEVCVideoExtension*`

*How do I get the updated app?* The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. *My system is in a disconnected environment; is it vulnerable?* Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. *How can I check if the update is installed?* If your device manufacturer preinstalled this app, package versions *1.0.42091.0* and later contain this update. If you purchased this app from the Microsoft Store, package versions *1.0.42094.0* and later contain this update. You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.HEVCVideoExtension*