Microsoft says latest Windows Kernel fix might actually break more things

Microsoft rolled out 63 patches as a part of its June 2023 update for Windows 11 and Windows 10 last Tuesday. Included among them was a fix intended to patch up a vulnerability found in Windows Kernel that could lead to information disclosure, but as it turns out the patch may lead to further issues.

The vulnerability goes by CVE-2023-32019, and it's described as allowed "An authenticated user (attacker) could cause an information disclosure vulnerability in Windows Kernel. This vulnerability does not require administrator or other elevated privileges. The attacker who successfully exploits this vulnerability could view heap memory from a privileged process that is running on the server."

Ultimately, the vulnerability, while potentially dangerous, shouldn't pose an immediate threat to most. However, the fix for it might.

In an update to the bugfix page, Microsoft said (via Neowin):

"IMPORTANT The resolution described in this article introduces a potential breaking change. Therefore, we are releasing the change disabled by default with the option to enable it. In a future release, this resolution will be enabled by default. We recommend that you validate this resolution in your environment. Then, as soon as it is validated, enable the resolution as soon as possible."

Now you have the option to either enable or disable the bugfix based on whether the OS you're running needs it most. By default, the fix is disabled, but Microsoft lists when it should be enabled in a support page.

The difficulty that gamers face right now with Windows is whether to actually download the latest June 13 update (KB5027231/KB5027223/KB5027219). 

On the one hand, it's filled with security fixes that you really should have on your machine.

On the other hand, Reddit is filled with anecdotal reports of Windows users complaining that the latest build of Windows has, to quote one unlucky user, "royally f***ked my pc." Ouch.