The Information Highway

The Information Highway

Font size: +
3 minutes reading time (547 words)

Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default

Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases. 


While it has a medium severity range CVSS base score of 4.7/10, Redmond has tagged this security flaw (CVE-2023-32019) as important severity. 

Reported by Google Project Zero security researcher Mateusz Jurczyk, the bug lets authenticated attackers access the heap memory of privileged processes running on unpatched devices.

While successful exploitation doesn't require threat actors to have administrator or other elevated privileges, it does depend on their ability to coordinate their attacks with another privileged process run by another user on the targeted system.

What makes the CVE-2023-32019 patch stand out from other security updates issued as part of the June 2023 Patch Tuesday is that it's disabled by default, even after applying this week's updates.

As Microsoft explains in a support document, you must make a registry change on vulnerable Windows systems to enable the fix.

"To mitigate the vulnerability associated with CVE-2023-32019, install the June 2023 Windows update or a later Windows update," Microsoft says.

"By default, the fix for this vulnerability is disabled. To enable the fix, you must set a registry key value based on your Windows operating system."

While Microsoft didn't provide additional details on why this fix is turned off by default, a spokesperson told BleepingComputer that "the update should be enabled by default in a future release."

However, it's unclear if enabling the fix may cause issues in the operating system, so it may be safer to test it on a few machines before performing a wide deployment.


How to enable the CVE-2023-32019 fix

Depending on the Windows version running on your device, you will have to add the following under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides registry key:

  • Windows 10 20H2, 21H2, 22H2: Add a new DWORD registry value named 4103588492 with a value data of 1
  • Windows 11 21H2: Add a new DWORD registry value named 4204251788 with a value data of 1
  • Windows 11 22H2: Add a new DWORD registry value named 4237806220 with a value data of 1
  • Windows Server 2022: Add a new DWORD registry value named 4137142924 with a value data of 1


On Windows 10 1607 and Windows 10 1809, you will have to add a new DWORD registry value named 'LazyRetryOnCommitFailure' with a valued data of 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager registry key.

This is not the first time the company has issued an optional fix for a Windows security vulnerability.

Just last month, Microsoft said that a patch addressing the CVE-2023-24932 Secure Boot bug exploited by BlackLotus UEFI malware as a zero-day required additional manual steps besides installing the security update to remove the attack vector.

As explained at the time, Redmond is taking a phased approach to enforce the CVE-2023-24932 protections to reduce customer impact.

However, it's unclear if enabling the feature may cause issues in the operating system, so it may be safest to test it on a few machines before performing a wide deployment.

Microsoft also warned that there is no way to revert the changes once CVE-2023-24932 mitigations are fully deployed and enabled on a system.

Google Maps is getting 3 big upgrades to make your...
Chinese Cyberspies Caught Exploiting VMware ESXi Z...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023