CVE-2022-23300: Raw Image Extension Remote Code Execution Vulnerability

Overview

Severity
High (CVSS 7.8)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
Unlikely
Patch Tuesday
2022-Mar
Released
2022-03-08
Last Updated
2022-03-24
EPSS Score
1.89% (percentile: 83.2%)

FAQ

How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by convincing a victim to download and open a specially crafted file, which could lead to a crash. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. My system is in a disconnected environment; is it vulnerable? It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update https://www.microsoft.com/Licensing/servicecenter/. Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. What version of the Raw Image Extension is secure? For Windows 11 operating systems the secure version is 2.1.30391.0 and later. For Windows 10 operating systems the secure version is 2.0.30391.0 and later.

Affected Products (21)

Windows

  • Raw Image Extension on Windows 10 Version 1809 for 32-bit Systems
  • Raw Image Extension on Windows 10 Version 1809 for x64-based Systems
  • Raw Image Extension on Windows 10 Version 1809 for ARM64-based Systems
  • Raw Image Extension on Windows 10 Version 1809 for HoloLens
  • Raw Image Extension on Windows 10 Version 1909 for 32-bit Systems
  • Raw Image Extension on Windows 10 Version 1909 for x64-based Systems
  • Raw Image Extension on Windows 10 Version 1909 for ARM64-based Systems
  • Raw Image Extension on Windows 10 Version 21H1 for x64-based Systems
  • Raw Image Extension on Windows 10 Version 21H1 for ARM64-based Systems
  • Raw Image Extension on Windows 10 Version 21H1 for 32-bit Systems
  • Raw Image Extension on Windows 10 Version 20H2 for 32-bit Systems
  • Raw Image Extension on Windows 10 Version 20H2 for ARM64-based Systems
  • Raw Image Extension on Windows 11 version 21H2 for x64-based Systems
  • Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems
  • Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems
  • Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems
  • Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems
  • Raw Image Extension on Windows 10 for 32-bit Systems
  • Raw Image Extension on Windows 10 for x64-based Systems
  • Raw Image Extension on Windows 10 Version 1607 for 32-bit Systems
  • Raw Image Extension on Windows 10 Version 1607 for x64-based Systems

Acknowledgments

<a href="https://x9090.twitter.com/">Wayne Low of Fortinet&#39;s FortiGuard Lab</a>

Revision History

  • 2022-03-08: Information published.
  • 2022-03-24: Added platform designations to Security Updates table because the version of the raw extension is different for Windows 10 operating systems and Windows 11 operating systems. This is an informational change only.