Microsoft Releases Optional Fix for Vulnerability

In a recent update, Microsoft has released an optional fix to address a kernel information disclosure vulnerability that affects systems running multiple versions of Windows, including the latest Windows 10, Windows Server, and Windows 11 releases.

This security flaw, identified as CVE-2023-32019, was reported by security researcher Mateusz Jurczyk from Google Project Zero. While the severity of the vulnerability is classified as medium with a CVSS base score of 4.7/10, Microsoft has categorized it as an important security issue.

The vulnerability allows authenticated attackers to gain access to the heap memory of privileged processes running on unpatched devices. Notably, the exploitation of this vulnerability does not require the attackers to have administrator or other elevated privileges. Instead, it depends on their ability to coordinate attacks with another privileged process run by another user on the targeted system.

What sets the CVE-2023-32019 patch apart from other security updates released as part of the June 2023 Patch Tuesday is that it remains disabled by default, even after applying the latest updates. Microsoft has provided instructions to enable the fix by making a registry change on vulnerable Windows systems.

Enabling the CVE-2023-32019 Fix

To mitigate the vulnerability associated with CVE-2023-32019, follow these steps depending on the Windows version running on your device:

  1. For Windows 10 20H2, 21H2, and 22H2: Add a new DWORD registry value named 4103588492 with a value data of 1 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides registry key.
  2. For Windows 11 21H2: Add a new DWORD registry value named 4204251788 with a value data of 1 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides registry key.
  3. For Windows 11 22H2: Add a new DWORD registry value named 4237806220 with a value data of 1 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides registry key.
  4. For Windows Server 2022: Add a new DWORD registry value named 4137142924 with a value data of 1 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides registry key.
  5. For Windows 10 1607 and Windows 10 1809: Add a new DWORD registry value named LazyRetryOnCommitFailure with a value data of 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager registry key.
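
The steps above as one PowerShell script, added here as an example and not Microsoft's or this article's own code. The OS build numbers used to pick the right value are this example's assumption (the article names versions only), and without -Apply the script only reports the current state, which suits testing on a few machines first.

```powershell
# Added example: audit or enable the CVE-2023-32019 registry setting on this host.
# Run elevated when using -Apply (writing under HKLM requires administrator rights).
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Apply)   # default is report-only

$overrides = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$cfgMgr    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager'

# OS build -> registry value from the list above.
# The build numbers are an assumption of this example, not taken from the article.
$fixes = @{
    19042 = @{ Path = $overrides; Name = '4103588492'; Value = 1 }   # Windows 10 20H2
    19044 = @{ Path = $overrides; Name = '4103588492'; Value = 1 }   # Windows 10 21H2
    19045 = @{ Path = $overrides; Name = '4103588492'; Value = 1 }   # Windows 10 22H2
    22000 = @{ Path = $overrides; Name = '4204251788'; Value = 1 }   # Windows 11 21H2
    22621 = @{ Path = $overrides; Name = '4237806220'; Value = 1 }   # Windows 11 22H2
    20348 = @{ Path = $overrides; Name = '4137142924'; Value = 1 }   # Windows Server 2022
    14393 = @{ Path = $cfgMgr; Name = 'LazyRetryOnCommitFailure'; Value = 0 }  # Windows 10 1607
    17763 = @{ Path = $cfgMgr; Name = 'LazyRetryOnCommitFailure'; Value = 0 }  # Windows 10 1809
}

$build = [System.Environment]::OSVersion.Version.Build
if (-not $fixes.ContainsKey($build)) {
    Write-Warning "Build $build is not one of the versions listed above; nothing changed."
    return
}

$fix  = $fixes[$build]
$name = $fix.Name
# Returns $null when the key or the value does not exist yet.
$current = (Get-ItemProperty -Path $fix.Path -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $fix.Value) {
    Write-Output "Build ${build}: $name is already $($fix.Value)."
}
elseif (-not $Apply) {
    Write-Output "Build ${build}: $name is '$current', expected $($fix.Value). Re-run with -Apply to set it."
}
elseif ($PSCmdlet.ShouldProcess("$($fix.Path)\$name", "Set DWORD to $($fix.Value)")) {
    # Create the key only if it is missing; New-Item -Force on an existing key would reset it.
    if (-not (Test-Path -Path $fix.Path)) { New-Item -Path $fix.Path -Force | Out-Null }
    New-ItemProperty -Path $fix.Path -Name $name -PropertyType DWord -Value $fix.Value -Force | Out-Null
    Write-Output "Build ${build}: set $name = $($fix.Value)."
}
```

Adding -WhatIf together with -Apply shows the registry write that would be made without performing it.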

It is important to note that once the mitigations for CVE-2023-32019 are fully deployed and enabled on a system, there is no way to revert the changes.

Microsoft has chosen to release this fix as an optional update, requiring users to take manual steps to enable it. While the reason behind keeping the fix disabled by default is not explicitly stated, a spokesperson from Microsoft mentioned that it should be enabled by default in a future release.

However, to ensure system stability, it is recommended to test the fix on a few machines before performing a wide deployment. Enabling certain features or fixes may sometimes cause unexpected issues within the operating system,
