Security News > 2023 > April > Microsoft Defender update causes Windows Hardware Stack Protection mess

In a confusing mess, a recent Microsoft Defender update rolled out a new security feature called 'Kernel-mode Hardware-enforced Stack Protection,' while removing the LSA protection feature.
A recent Microsoft Defender update has made this feature even more confusing, as after it is installed, the LSA Protection feature is removed and replaced by a new feature called Kernel-mode Hardware-enforced Stack Protection.
"For code running in kernel mode, the CPU confirms requested return addresses with a second copy of the address stored in the shadow stack to prevent attackers from substituting an address that runs malicious code instead," explains the Windows Kernel-mode Hardware-enforced Stack Protection setting.
It's not even clear if LSA protection is bundled into the Kernel-mode Hardware-enforced Stack Protection or has been removed from the Windows Setting interface entirely, requiring users to enable it manually via the Registry.
There has been no notice from Microsoft about the swapping of these security features or about Kernel-mode Hardware-enforced Stack Protection being added other than the brief description found in Windows Security and the scattered documentation [1, 2, 3] on the Stack Protection feature.
BleepingComputer asked Microsoft about the new Stack Protection feature if LSA Protection is now bundled within it, and the conflicts people are having.
News URL
Related news
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)