Security News > 2023 > June > Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default
Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.
As Microsoft explains in a support document, you must make a registry change on vulnerable Windows systems to enable the fix.
"To mitigate the vulnerability associated with CVE-2023-32019, install the June 2023 Windows update or a later Windows update," Microsoft says.
"By default, the fix for this vulnerability is disabled. To enable the fix, you must set a registry key value based on your Windows operating system."
While Microsoft didn't provide additional details on why this fix is turned off by default, a spokesperson told BleepingComputer that "The update should be enabled by default in a future release."
On Windows 10 1607 and Windows 10 1809, you will have to add a new DWORD registry value named 'LazyRetryOnCommitFailure' with a valued data of 0 under the HKEY LOCAL MACHINESYSTEMCurrentControlSetControlSession ManagerConfiguration Manager registry key.
News URL
Related news
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft says having a TPM is "non-negotiable" for Windows 11 (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-32019 | Exposure of Resource to Wrong Sphere vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 0.0 |