The Patch Tuesday updates of 13/06/2023 for Windows 11 and 10 have arrived, but users are facing breaking issues after installing them. We have already covered one of them – Fix Google Chrome Problems KB5027231, KB5027215 in Windows 11 or 10. The Windows updates contain a large number of patches (63), including a fix for a vulnerability found in the Windows Kernel. The updates rolled out were KB5027231, KB5027223, and KB5027219.
Among the patches deployed is one for a vulnerability tracked as CVE-2023-32019, which is described as follows: “An authenticated user (attacker) could cause an information disclosure vulnerability in Windows Kernel”. Exploiting this vulnerability does not require administrator or other elevated privileges. Microsoft has published guidance for dealing with this kernel vulnerability.
KB5027223, KB5027231, KB5027219 Breaking Issues with Windows 11 and 10
Here is how to fix KB5027223, KB5027231, KB5027219 breaking issues with Windows 11, 10:
Modify Registry Entries using Elevated Command Prompt
- Press Windows and S keys.
- Type cmd.exe and press Enter.
- Select Yes on the User account control.
- For different Windows versions, copy the following commands and press Enter:
On Windows 11 22H2
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 4237806220 /t REG_DWORD /d 1 /f
On Windows 11 21H2
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 4204251788 /t REG_DWORD /d 1 /f
On Windows 10 22H2, 21H2, and 20H2
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 4103588492 /t REG_DWORD /d 1 /f
On Windows Server 2022
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 4137142924 /t REG_DWORD /d 1 /f
On Windows 10 1809 and Windows Server 2019
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager" /v LazyRetryOnCommitFailure /t REG_DWORD /d 0 /f
On Windows 10 1607 and Windows Server 2016
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager" /v LazyRetryOnCommitFailure /t REG_DWORD /d 0 /f
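To check which of the per-version values above applies to a machine and whether it is already set, the following PowerShell script can be used. It is an added example, not part of the original article or of Microsoft's KB; the build numbers used to match the version names and the `-Apply` switch are assumptions of this example.

```powershell
# Added example: audit (and optionally set) the CVE-2023-32019 opt-in value.
param([switch]$Apply)   # hypothetical switch; writing requires an elevated session

$overrides = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$cfgMgr    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager'

# Build number -> path, value name, data. Names and data are the ones listed above;
# the build numbers are this example's assumption for matching the version names.
$map = @{
    22621 = @{ Path = $overrides; Name = '4237806220'; Data = 1 }   # Windows 11 22H2
    22000 = @{ Path = $overrides; Name = '4204251788'; Data = 1 }   # Windows 11 21H2
    19045 = @{ Path = $overrides; Name = '4103588492'; Data = 1 }   # Windows 10 22H2
    19044 = @{ Path = $overrides; Name = '4103588492'; Data = 1 }   # Windows 10 21H2
    19042 = @{ Path = $overrides; Name = '4103588492'; Data = 1 }   # Windows 10 20H2
    20348 = @{ Path = $overrides; Name = '4137142924'; Data = 1 }   # Windows Server 2022
    17763 = @{ Path = $cfgMgr; Name = 'LazyRetryOnCommitFailure'; Data = 0 }  # 1809 / Server 2019
    14393 = @{ Path = $cfgMgr; Name = 'LazyRetryOnCommitFailure'; Data = 0 }  # 1607 / Server 2016
}

$build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
$s = $map[$build]
if (-not $s) {
    Write-Warning "Build $build is not in the list on this page; nothing checked."
    return
}

# Read the current value; a missing key or value yields $null rather than an error.
$item    = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
$current = if ($item) { $item.($s.Name) } else { $null }

if ($current -eq $s.Data) {
    Write-Output "Build ${build}: resolution enabled ($($s.Name) = $current)."
} elseif ($Apply) {
    # Create the key if it does not exist yet, then write the DWORD value.
    if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Data -Force | Out-Null
    Write-Output "Build ${build}: set $($s.Name) = $($s.Data)."
} else {
    Write-Output "Build ${build}: resolution NOT enabled ($($s.Name) is '$current', expected $($s.Data))."
}
```

Run without arguments, the script only reads the registry, so it can be used to survey machines before deciding where to enable the change.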
Source:
KB5028407: How to manage the vulnerability associated with CVE-2023-32019
Summary
An authenticated user (attacker) could cause an information disclosure vulnerability in Windows Kernel. This vulnerability does not require administrator or other elevated privileges.
The attacker who successfully exploits this vulnerability could view heap memory from a privileged process that is running on the server.
Successful exploitation of this vulnerability requires an attacker to coordinate the attack with another privileged process that is run by another user in the system.
For more information about this vulnerability, see CVE-2023-32019 | Windows Kernel Information Disclosure Vulnerability.
Resolution
IMPORTANT The resolution described in this article introduces a potential breaking change. Therefore, we are releasing the change disabled by default with the option to enable it. In a future release, this resolution will be enabled by default. We recommend that you validate this resolution in your environment. Then, as soon as it is validated, enable the resolution as soon as possible.
To mitigate the vulnerability associated with CVE-2023-32019, install the June 2023 Windows update or a later Windows update. By default, the resolution for this vulnerability is disabled. To enable the resolution, you must set a registry key value based on your Windows operating system.
Credit: Knowledgebase article.
Method:
Modify Registry Entries using Elevated Command Prompt
That’s all!!