Security News > 2023 > June > Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default

Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default
2023-06-14 21:43

Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.

As Microsoft explains in a support document, you must make a registry change on vulnerable Windows systems to enable the fix.

"To mitigate the vulnerability associated with CVE-2023-32019, install the June 2023 Windows update or a later Windows update," Microsoft says.

"By default, the fix for this vulnerability is disabled. To enable the fix, you must set a registry key value based on your Windows operating system."

While Microsoft didn't provide additional details on why this fix is turned off by default, a spokesperson told BleepingComputer that "The update should be enabled by default in a future release."

On Windows 10 1607 and Windows 10 1809, you will have to add a new DWORD registry value named 'LazyRetryOnCommitFailure' with a valued data of 0 under the HKEY LOCAL MACHINESYSTEMCurrentControlSetControlSession ManagerConfiguration Manager registry key.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-windows-kernel-cve-2023-32019-fix-is-disabled-by-default/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-32019 Exposure of Resource to Wrong Sphere vulnerability in Microsoft products
Windows Kernel Information Disclosure Vulnerability
local
high complexity
microsoft CWE-668
4.7
4.7

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kernel 4 2 8 5 0 15