Windows Kernel CVE-2023-32019 fix is disabled by default



Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.

While it has a medium severity range CVSS base score of 4.7/10, Redmond has tagged this security flaw (CVE-2023-32019) as important severity.

Reported by Google Project Zero security researcher Mateusz Jurczyk, the bug lets authenticated attackers access the heap memory of privileged processes running on unpatched devices.

While successful exploitation doesn't require threat actors to have administrator or other elevated privileges, it does depend on their ability to coordinate their attacks with another privileged process run by another user on the targeted system.

What makes the CVE-2023-32019 patch stand out from other security updates issued as part of the June 2023 Patch Tuesday is that it's disabled by default, even after applying this week's updates.

As Microsoft explains in a support document, you must make a registry change on vulnerable Windows systems to enable the fix.

“To mitigate the vulnerability related to CVE-2023-32019, install the June 2023 Windows update or a later Windows update,” Microsoft says.

“By default, the fix for this vulnerability is disabled. To enable the fix, you must set a registry key value based on your Windows operating system.”

While Microsoft didn't provide more details on why this fix is turned off by default, a spokesperson told BleepingComputer that “the update should be enabled by default in a future release.”

However, it's unclear if enabling the fix might cause issues in the operating system, so it may be safer to test it on a few machines before performing a wide deployment.

How to enable the CVE-2023-32019 fix

Depending on the Windows version running on your system, you will have to add the following under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides registry key:

  • Windows 10 20H2, 21H2, 22H2: Add a new DWORD registry value named 4103588492 with a value data of 1
  • Windows 11 21H2: Add a new DWORD registry value named 4204251788 with a value data of 1
  • Windows 11 22H2: Add a new DWORD registry value named 4237806220 with a value data of 1
  • Windows Server 2022: Add a new DWORD registry value named 4137142924 with a value data of 1

On Windows 10 1607 and Windows 10 1809, you will have to add a new DWORD registry value named ‘LazyRetryOnCommitFailure’ with a value data of 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager registry key.
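The per-version settings above can be audited, and optionally applied, with a short script. This is an added example, not Microsoft's or the article's own code; the build-number mapping and the -Enable switch are assumptions of the example, while the registry value names and data are the ones listed above.

```powershell
# Added example: audit (and with -Enable, set) the CVE-2023-32019 registry override.
# Value names and data come from the article; the build-number mapping and the
# -Enable switch are assumptions of this example. Setting the value needs an
# elevated PowerShell session.
param([switch]$Enable)

$overrides = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$confMgr   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager'

# OS build number -> registry value that turns the fix on
$settings = @{
    19042 = @{ Path = $overrides; Name = '4103588492'; Data = 1 }              # Windows 10 20H2
    19044 = @{ Path = $overrides; Name = '4103588492'; Data = 1 }              # Windows 10 21H2
    19045 = @{ Path = $overrides; Name = '4103588492'; Data = 1 }              # Windows 10 22H2
    22000 = @{ Path = $overrides; Name = '4204251788'; Data = 1 }              # Windows 11 21H2
    22621 = @{ Path = $overrides; Name = '4237806220'; Data = 1 }              # Windows 11 22H2
    20348 = @{ Path = $overrides; Name = '4137142924'; Data = 1 }              # Windows Server 2022
    14393 = @{ Path = $confMgr;   Name = 'LazyRetryOnCommitFailure'; Data = 0 } # Windows 10 1607
    17763 = @{ Path = $confMgr;   Name = 'LazyRetryOnCommitFailure'; Data = 0 } # Windows 10 1809
}

$build = [Environment]::OSVersion.Version.Build
$s = $settings[$build]
if (-not $s) {
    Write-Output "Build $build is not one of the versions listed; no change made."
    return
}

# Read the current data; a missing key or value yields $null
$current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)

if ($current -eq $s.Data) {
    Write-Output "Build ${build}: fix enabled ($($s.Name) = $current)."
} elseif ($Enable) {
    # Create the key if it does not exist yet, then write the DWORD value
    if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Data -Force | Out-Null
    Write-Output "Build ${build}: set $($s.Name) = $($s.Data) under $($s.Path)."
} else {
    Write-Output "Build ${build}: fix NOT enabled ($($s.Name) is missing or not $($s.Data)). Re-run with -Enable."
}
```

Run without arguments, the script only reports the current state, which suits an inventory pass across a fleet before the staged rollout the article recommends.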

This is not the first time the company has issued an optional fix for a Windows security vulnerability.

Just last month, Microsoft said that a patch addressing the CVE-2023-24932 Secure Boot bug exploited by BlackLotus UEFI malware as a zero-day required additional manual steps besides installing the security update to remove the attack vector.

As explained at the time, Redmond is taking a phased approach to enforce the CVE-2023-24932 protections to reduce customer impact.

However, it's unclear if enabling the feature might cause issues in the operating system, so it may be safest to test it on a few machines before performing a wide deployment.

Microsoft also warned that there is no way to revert the changes once CVE-2023-24932 mitigations are fully deployed and enabled on a system.
