Hardware-Enforced Stack Protection in Kernel Mode on Windows 11 is Disabled

Hardware-Enforced Stack Protection in Kernel Mode on Windows 11 is Disabled

Following the latest Windows Defender update, Windows 11 users are reporting a new warning from Windows Security stating "Hardware-enforced Stack Protection in kernel mode is disabled. Your device may be vulnerable." Users are attempting to enable the feature, possibly due to driver issues.

The warning was added to the Windows Security app in the latest Windows 11 update, version 21H2 or later. This change is implemented as part of a mandatory security update and is automatically installed.

The option to activate the hardware-enforced stack protection feature in kernel mode replaces the Local Security Authority (LSA), which has been malfunctioning since the March 2023 cumulative updates. Unfortunately, Windows Security has been affected by a new warning stating "Kernel-Mode Hardware-enforced Stack Protection is off".

Hardware-Enforced Stack Protection in Kernel Mode on Windows 11 is Disabled. Your device may be vulnerable.

However, this time it doesn't seem to be a technical issue. On the other hand, if you come across "Hardware-enforced Stack Protection in kernel mode is disabled. Your device may be vulnerable", it's likely that a driver or application is preventing the feature from working.

The Windows Security app may not be able to detect the incompatible driver and it may be impossible for users to solve the issue.

For the uninitiated, "Hardware-Enforced Stack Protection" is a new feature in Windows 11 that allows applications or games to leverage local CPU hardware to protect their code. It is designed to protect the memory stack, where the application codes are stored while the program is running.

The security feature can protect the code by managing the memory stack using modern CPU hardware and shadow stack (execution order of code). It is a hardware-based security feature on newer processors and will not work with certain apps or drivers, such as outdated anti-cheat systems or keyboard/mouse drivers.

For example, you won't be able to enable the feature if you have Riot Vanguard. To enable the feature, you'll need to uninstall the app.

Windows Latest understands that Microsoft is exploring a better way to detect and flag incompatible drivers, so that users can make changes.

It's worth noting that the warning in the Windows Security app that your device is "vulnerable" doesn't necessarily mean that your device is under attack. Hopefully, Microsoft will improve the warnings in the Windows Security app sooner rather than later for everyone.

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Subir