Fix CVE-2023-32019 the easy way

By Nicklas AhlbergIntune, Security

2023-06 quality update comes with some security fixes for supported Windows operating systems. But, one of the fixes is not enabled by default and it is up to us administrators to prepare, test and roll out the fix to our devices. In this case we just need to add a registry value and we will be all set, but as each operating system version has it’s own keys, the administration of getting this done could get complex.

As there are not a lot of documentation on this vulnerability yet I say we are better off to start testing the fix ASAP to prepare for roll out.

I have created a remediation script (previously known as proactive remediations) which can be deployed to all supported Windows versions and it will apply the correct reg value for us.

Summary:

An authenticated user (attacker) could cause an information disclosure vulnerability in Windows Kernel. This vulnerability does not require administrator or other elevated privileges.

The attacker who successfully exploits this vulnerability could view heap memory from a privileged process that is running on the server.

Successful exploitation of this vulnerability requires an attacker to coordinate the attack with another privileged process that is run by another user in the system.

KB5028407: How to manage the vulnerability associated with CVE-2023-32019 – Microsoft Support

Resolution:

To mitigate the vulnerability associated with CVE-2023-32019, install the June 2023 Windows update or a later Windows update. By default, the fix for this vulnerability is disabled. To enable the fix, you must set a registry key value based on your Windows operating system.

KB5028407: How to manage the vulnerability associated with CVE-2023-32019 – Microsoft Support

Support

As Remediations require the device to be managed by Intune this will only apply to client operating systems as per below. But feel free to use the scripts to run on your server operating systems as well, it will just require some minor changes to get going.

Windows 11-22H2
Windows 11-21H2
Windows 10-22H2
Windows 10-21H2
Windows 10-20H2
Supported Windows versions

Download

The detection and remediation scrips are found over at my Github: Intune/Remediations/2023-06 CVE-2023-32019 at main · NicklasAhlberg/Intune · GitHub

Remediation

As the 2023-06 quality updates install the fix but doesn’t enable it, all we need to do is add the correct reg value and our job is done. This is where the Remediations kicks in.

❗Remember to test this thoroughly and roll it out gradually to your devices.

  1. Download the detection and remediation scripts
  2. Open: https://intune.microsoft.com -> Devices -> Remediations
  3. Click: + Create script package
  4. Give it a name
  5. Add the detection and remediation script files and Run script in 64-bit PowerShell as per below print screen
  6. Assign it to a test group to test it thoroughly

Done!

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.