Tag

#microsoft

CVE-2021-43888: Microsoft Defender for IoT Information Disclosure Vulnerability

**What type of information can be disclosed by this vulnerability?** This vulnerability could allow device security information to be disclosed including but not limited to security score, outdated operating system, and any malware infections.

Microsoft Security Response Center

CVE-2021-43882: Microsoft Defender for IoT Remote Code Execution Vulnerability

**What version of Microsoft Defender for IoT has the update that protects from this vulnerability?** Version 10.5.3 and above.

**What is the action required to take the update?** You need to update to the latest Microsoft Defender for IoT software version. See the **Update the software version** section of Manage the on-premises management console.

**What is Microsoft Defender for IoT?** Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

CVE-2021-43899: Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

**What firmware version of the Microsoft 4K Wireless Display Adapter has the update that protects from this vulnerability?** All firmware versions of the Microsoft 4K Wireless Display Adapter that are 3.9520.47 and higher are protected from this vulnerability.

**How do I ensure my Microsoft 4K Wireless Display Adapter device has the update?** You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Once installed, use the **Update & security** section of the app to download and install the latest firmware.

**How could an attacker exploit this vulnerability?** An unauthenticated attacker on the same network as the Microsoft 4K Display Adapter could send specially crafted packets to a vulnerable device.

CVE-2021-41365: Microsoft Defender for IoT Remote Code Execution Vulnerability

**What version of Microsoft Defender for IoT has the update that protects from this vulnerability?** Version 10.5.2 and above.

**What is the action required to take the update?** You need to update to the latest Microsoft Defender for IoT software version. See the **Update the software version** section of Manage the on-premises management console.

**What is Microsoft Defender for IoT?** Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

CVE-2021-43889: Microsoft Defender for IoT Remote Code Execution Vulnerability

**What privileges are required by the attack to exploit this vulnerability?** An attacker needs to have support user privileges to be able to exploit this vulnerability.

CVE-2021-43236: Microsoft Message Queuing Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2021-41360: HEVC Video Extensions Remote Code Execution Vulnerability

**How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

**My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

**How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **2.0.23022.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **2.0.23022.0** and later contain this update. You can check the package version in PowerShell: `Get-AppxPackage -Name Microsoft.HEVCVideoExtension*`