Microsoft has enabled a fix for a kernel disclosure vulnerability (CVE-2023-32019) that it had disabled in previous Windows updates. The vulnerability, discovered by Mateusz Jurczyk of Google Project Zero, allows an attacker to access the memory of privileged processes to obtain potentially sensitive information.
Microsoft previously provided instructions for administrators to enable the fix by manually editing the Windows registry, noting the “resolution described in this article introduces a potential breaking change.” The warning led to uncertainty for many administrators who held out on deploying the fix out of concern that it would interfere with their Windows installations.
Microsoft has enabled the fix by default in Windows updates since August 8, 2023.