Microsoft Says Latest Windows Kernel Fix Could Break Even More

General
Microsoft Says Latest Windows Kernel Fix Could Break Even More

Microsoft distributed 63 patches last Tuesday as part of its June 2023 update for Windows 11 and Windows 10. Among them was a patch to fix a vulnerability discovered in Windows Kernel that could lead to information leakage, but it was discovered that the patch could cause additional problems.

The vulnerability is called CVE-2023-32019 and is described as "an authenticated user (attacker) could cause an information disclosure vulnerability in the Windows Kernel. This vulnerability does not require administrative or other elevated privileges. An attacker who successfully exploits this vulnerability can view heap memory from a privileged process running on the server."

Ultimately, this vulnerability, while potentially dangerous, does not pose an immediate threat to most people. However, it is possible to fix this vulnerability.

In an update to the bug fix page, Microsoft states (via Neowin):

"Important The solution described in this article results in a potentially disruptive change. Therefore, by default, this change will be released with this change disabled. In future releases, this solution will be enabled by default. We encourage you to validate this solution in your environment. Then, as soon as it is validated, please enable this solution as soon as possible.

Now you have the option to enable or disable bug fixes based on whether the OS you are running needs bug fixes the most. By default, bug fixes are disabled, but Microsoft has a support page that describes when bug fixes should be enabled.

The difficulty gamers now face with Windows is whether to actually download the latest update (KB5027231/KB5027223/KB5027219) on June 13.

On the one hand, this update is loaded with security fixes that you really should put on your machine.

On the other hand, Reddit is awash with anecdotal reports of Windows users complaining that the latest build of Windows has, to quote one hapless user, "royally f***ked my pc." Ouch.

Categories