Last week was Windows Patch Tuesday. As such, Windows 10 and 11 have received updates to their kernel, in particular to correct vulnerabilities. Unfortunately, one of these fixes is causing more problems than it solves.
On Tuesday, June 15, Microsoft rolled out 63 fixes as part of its June 2023 Update for Windows 11 and Windows 10. For some users, this latest update is crashing Google Chrome due to Malwarebytes. Worse still, Neowin has just discovered that one of the patches can cause great damage. Intended to close a vulnerability found in the Windows kernel, this patch can cause a fatal bug in the OS.
A vulnerability to fix in Windows 10 and 11
Named CVE-2023-32019, the original vulnerability is described by Microsoft as: “An authenticated user (attacker) can cause an information disclosure vulnerability in the Windows kernel. This vulnerability does not require administrator privileges or other elevated privileges. An attacker who successfully exploited this vulnerability could see the memory heap of a privileged process running on the server.”
Ultimately, this vulnerability, while potentially dangerous, does not pose an immediate threat to most users. The irony is that the deployed patch is a problem in its own right. On its blog dedicated to updates, Microsoft specifies:
“IMPORTANT: The fix described in this article introduces a potential breakage. Therefore, we are releasing the change disabled by default with the option to enable it. In a future release, this resolution will be enabled by default. We recommend that you validate this resolution in your environment. Then, as soon as it is validated, activate the resolution as soon as possible.”
Should I download the latest Windows update?
The difficulty is deciding whether or not to download the latest June 13 update (KB5027231/KB5027223/KB5027219). On the one hand, this update contains security patches that you absolutely must install on your Windows machine. On the other hand, Reddit is full of feedback from users complaining that the latest version of Windows has, to quote one unlucky user, “royally ****** my PC”.
Users have the option to enable or disable the patch depending on the operating system used. By default, this patch is disabled and Microsoft indicates on a help page when it should be disabled. A priori, there is therefore no risk in downloading the update for most users.