Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default


Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.

While it has a medium severity range CVSS base score of 4.7/10, Redmond has tagged this security flaw (CVE-2023-32019) as important severity.

Reported by Google Project Zero security researcher Mateusz Jurczyk, the bug lets authenticated attackers access the heap memory of privileged processes running on unpatched devices.

While successful exploitation doesn’t require threat actors to have administrator or other elevated privileges, it does depend on their ability to coordinate their attacks with another privileged process run by another user on the targeted system.

Read more…