Microsoft rolled out 63 patches as a part of its June 2023 update for Windows 11 and Windows 10 last Tuesday. Included among them was a fix intended to patch up a vulnerability found in Windows Kernel that could lead to information disclosure, but as it turns out the patch may lead to further issues.
The vulnerability goes by CVE-2023-32019, and it's described as follows: «An authenticated user (attacker) could cause an information disclosure vulnerability in Windows Kernel. This vulnerability does not require administrator or other elevated privileges. The attacker who successfully exploits this vulnerability could view heap memory from a privileged process that is running on the server.»
Ultimately, the vulnerability, while potentially dangerous, shouldn't pose an immediate threat to most. However, the fix for it might.
In an update to the bugfix page, Microsoft said (via Neowin):
"IMPORTANT The resolution described in this article introduces a potential breaking change. Therefore, we are releasing the change disabled by default with the option to enable it. In a future release, this resolution will be enabled by default. We recommend that you validate this resolution in your environment. Then, as soon as it is validated, enable the resolution as soon as possible."
Now you have the option to either enable or disable the bugfix, depending on whether the OS you're running needs it. By default, the fix is disabled, but Microsoft lists when it should be enabled on a support page.
Read more on pcgamer.com