Security News > 2023 > August > Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone

Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone
2023-08-14 18:13

Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows.

While it is not believed to have been exploited in the wild, Microsoft initially released the security update with the fix disabled, warning that it could cause breaking changes in the operating system.

Microsoft would not share what conflicts could arise from enabling the update, simply telling BleepingComputer at the time that it would be enabled by default in the future.

As first spotted by Neowin, Microsoft has now enabled the fix for CVE-2023-32019 by default in the August 2023 Patch Tuesday updates.

"The resolution described in this article has been released enabled by default. To apply the enabled by default resolution, install the Windows update that is dated on or after August 8, 2023." explains Microsoft in an update to its support bulletin.

Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-windows-kernel-cve-2023-32019-fix-for-everyone/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-32019 Exposure of Resource to Wrong Sphere vulnerability in Microsoft products
Windows Kernel Information Disclosure Vulnerability
local
high complexity
microsoft CWE-668
4.7
4.7

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 713 868 4788 4392 3717 13765
Kernel 4 2 9 5 0 16