Windows 11 security bug fix debacle is seriously embarrassing for Microsoft
Date:
Wed, 17 May 2023 09:45:42 +0000
Description:
Microsoft's QA department manages to pull off a convincing impression of a bull in a china shop.
FULL STORY ======================================================================
Windows 11 has run into further problems with a security-related bug thats scaring users and was supposed to have been fixed recently but Microsoft has admitted that its cure failed to work, and it has been pulled.
This one has a bit of a lengthy backstory, as it were, so buckle up and bear with us as we take you through it to give some context as to whats happened here.
Okay, so the bug in question first appeared when Microsoft pushed out the March 2023 cumulative update for Windows 11 22H2 , causing Local Security Authority (LSA) protection to tell users that it was turned off. In actual fact, it had stayed on, the glitch being the error message, rather than LSA itself actually going wrong.
Still, some Windows 11 users being told that their device may be vulnerable due to the lack of LSA protection, complete with a big yellow warning
triangle adorned with an exclamation mark, was obviously going to provoke
some concerns.
What really didnt help is that the error persisted continually, even after reboots.
Microsoft gave us a workaround at the time if you can call it that, we were simply told to dismiss the (repeated) error messages, and assured everything was fine with LSA. But a welcome sight was an official fix for this problem arriving at the end of April.
That cure for the LSA error blues arrived in the form of an update for Microsoft Defender , but sadly, this brought forth some new bugs yes, argh namely driver conflicts , hitting some PC games with crashes (due to anti-cheat software).
And now, as Neowin observes while pointing out reports from its own readers of the LSA bug still being present Microsoft has updated its health
dashboard for Windows 11 to admit that the Microsoft Defender fix caused
these unwanted side effects, and it has now been pulled.
Microsoft tells us: This known issue was previously resolved with an update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001) but issues were found, and that update is no longer being offered to devices. Analysis: Fix with one hand, break with the other
So whats the upshot? The LSA problem remains, and Microsoft is working on a new fix, with the old one stuffed firmly in the bin. Those who have already got the old fix applied (KB5007651), mind you, are kind of stuck with it.
Microsoft advises those who are already running KB5007651 (Version 1.0.2303.27001) that they will need to disable Kernel-mode Hardware-enforced Stack Protection.
The software giant provides instructions as follows : To do this, select the Start button, type Windows Security and select it, select Device Security
then select Core Isolation then disable Kernel-mode Hardware-enforced Stack Protection.
Were not exactly sure thats an ideal situation on the security front, though. But hey, if its Microsofts official advice, then it should be fine.
Meanwhile, for those still affected by the LSA bug, Microsoft instructs them to go back to that fabulous workaround mentioned previously. Yes, just ignore it, and while it will irritate you by continually popping up, theres actually nothing wrong with LSA (in distinct contrast to the yanked-down fix which definitely did cause driver-related havoc).
This has been a very messy episode for Microsoft, and not one that will especially give Windows 11 users faith that the QA department has a particularly good handle on whats going on with the OS. Hopefully, a solution that doesnt break a bunch of other stuff will be forthcoming soon.
======================================================================
Link to news story:
https://www.techradar.com/news/windows-11-security-bug-fix-debacle-is-seriousl y-embarrassing-for-microsoft
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)