Last Tuesday, Microsoft rolled out 63 updates corresponding to its June 2023 cycle for Windows 11 and Windows 10. One of these updates was aimed at fixing a vulnerability found in the Windows kernel, which could lead to unauthorized information disclosure. However, it seems that this solution could trigger new difficulties.
Among these 63 updates was included one to rectify a vulnerability present in the Windows kernel, although what was expected to be a solution has led to more problems. We refer to the CVE-2023-32019 vulnerability, which affects Windows 11.
This vulnerability has been described as a security hole that allows access as an authenticated user, and although it can be considered an attacker, it can access information in the Windows kernel. The worrying thing is that this attacker does not need administrator privileges to carry out the exploit, and can even view the reserved memory of a process running on the server.
Microsoft releases updates to fix a vulnerability
To stop this vulnerability, Windows recommends installing the aforementioned June update. However, the real problem is that Microsoft has added a warning note stating that this security update for the Windows kernel has required a patch due to security issues.
Microsoft has made the decision to disable the corrective measure aimed at addressing this vulnerability, a move that seems to contradict their initial goal of resolving the issue. Unfortunately, the company does not provide details as to why it has made this decision, but that is all that has been communicated so far. In Windows 10 and 11, Microsoft has decided to push the update anyway with the security fix disabled by default, although it gives us the option to activate the mitigation manually.
Although they provide us with this option, when Microsoft decides not to turn on a feature until a future update, it’s usually because of security concerns and potential issues. In fact, if we want to activate the feature, we must modify a value in the system registry, which is not a simple process for all users. The most prudent thing, if we have already applied the Windows update with the June 2023 patches, is to keep abreast of the updates. For those who have not yet applied the update, it should be noted that this is not an extremely dangerous vulnerability.
Fountain: PC Gamer
