Microsoft: enabling KB5028407's security patch could break something, but we won't tell you what

Martin Brinkmann
Jun 17, 2023
Windows 11 News

Microsoft released security patches for all supported versions of Windows on the June 2023 Patch Tuesday. One of the patches addresses a security issue in the Windows kernel. While Microsoft did ship the security patch as part of Tuesday's cumulative update, it did not enable the mitigation itself.

Microsoft explains on a support page that an attacker does not need elevation or administrative privileges to run the attack, and that it could allow the attacker to "view heap memory from a privileged process that is running on the server".

Windows devices remain vulnerable to attacks targeting the issue if the patch is not enabled in the Registry by a system administrator. The issue affects all supported Windows 10 and 11 operating systems as well as Windows Server 2022.

Microsoft did not reveal why it decided against enabling the patch by default, even though doing so would protect all devices against the potential attack.

We asked users to be cautious and either create a system backup before enabling the patch manually or wait some days before doing so. Microsoft must have a reason for releasing the patch in disabled state.

Microsoft has now added an addendum to the patch notes. System administrators who had hoped that Microsoft would provide a reason for not enabling the security mitigation by default will be disappointed, though, as the company remains tight-lipped about the potential issues that may arise from enabling it.

Microsoft writes: "The resolution described in this article introduces a potential breaking change. Therefore, we are releasing the change disabled by default with the option to enable it. In a future release, this resolution will be enabled by default. We recommend that you validate this resolution in your environment. Then, as soon as it is validated, enable the resolution as soon as possible."

In other words: enabling the mitigation may break something, but Microsoft won't tell its customers what that could be. Administrators therefore need to find out for themselves, which is a problem, as Microsoft gives no hints about what to look for. Administrators may spend hours evaluating systems to find potential breakage.

Microsoft plans to enable the patch by default in the future, but it has not provided a timeframe for doing so.

The original recommendation still stands because of Microsoft's refusal to provide vital information to system administrators. Create backups before enabling the Registry changes or wait until additional information becomes available.

Now you: have you enabled the Registry change on your device(s)?

Publisher: Ghacks Technology News

Comments

  1. Anonymous said on June 23, 2023 at 4:27 pm

    It has taken them 10 years (starting from Windows 8) to refresh the Control Panel, a thing that wasn’t broken. Sorry, I mean 40% of the Control Panel. What do you expect a trillion-dollar company to be able to do? Be able to fix a security bug within a month? /s

  2. eer said on June 21, 2023 at 3:48 pm

    The end of Microshite and all the different versions of their ‘Control Systems’ is the best thing that could ever happen, and if it did, it couldn’t come soon enough.

  3. Leonard said on June 19, 2023 at 6:11 am

    It is evident that MS has been infiltrated in recent years by people who hate Windows and want the OS to end. They have been doing hard work to destroy Windows NT.

  4. yaberasis said on June 18, 2023 at 11:15 pm

    Spectre and Meltdown, it’s back

  5. John G. said on June 18, 2023 at 10:49 pm

    I don’t understand why there are so many bad comments about this disabled-by-default patch. Here, four computers have the patch enabled with the *.reg file I posted above, and zero problems, not a single issue.

  6. just an Ed said on June 18, 2023 at 9:20 pm

    The moral of this story is to get far away from the Windows ecosystem if at all possible.
    It’s nice to be retired. Screw Microsoft.
    For those who would reply “But I need .xyz…”: I did say “if at all possible”. I keep a copy on a separate hard drive, and boot it once a year to do my taxes. The interactive PDFs only work with Adobe Reader.

  7. VioletMoon said on June 18, 2023 at 3:58 pm

    Leave it alone, I say.

    A couple of PowerShell scripts work:

    https://github.com/ajf8729/Toolbox/tree/main/ConfigMgr/DCM/CVE-2023-32019%20-%20KB5028407

    Problem for admins–

    Rule #1 – System Security takes precedence.
    Rule #2 – Absolute stability for users and productive capacity.

    What an option: if I enable the silly patch, the entire system’s stability is jeopardized and users are texting, emailing, calling, yelling and screaming on Monday morning. If I don’t and security is compromised, then . . . well . . . end of story.

    Long vacation in the south of France.

    1. John G. said on June 18, 2023 at 10:59 pm

      @VioletMoon > “Long vacation in the south of France.”

      I still remember the unforgettable moments with my late grandfather at L’Espiguette beach near Montpellier, in 2001/02/03. Nice and kind people there, and the best bread I have ever tasted. For sure one of the best places I have enjoyed. This summer we would like to go to La Guérite beach in the north of France; however, it’s a long journey indeed from home. :S

  8. dvs said on June 18, 2023 at 8:33 am

    Is this the thing from months ago that MS said will take a year to fix completely, in multiple steps?

    secure boot?

    https://arstechnica.com/information-technology/2023/05/microsoft-patches-secure-boot-flaw-but-wont-enable-fix-by-default-until-early-2024/

    guess not… a different long arse fix.

  9. restore os said on June 18, 2023 at 3:54 am

    And Intel says nothing about that in their latest security bulletins, i.e. whether this vulnerability is fixed with their microcode or/for Microsoft.

  10. Don't do it said on June 17, 2023 at 11:21 pm

    I just enabled it and now my phone beeped. Coincidence????

  11. Voivod Of Danzig said on June 17, 2023 at 11:18 pm

    We all know the “patch” will force you to create a Microsoft account to be able to use your computer. Sorry, I of course meant Microsoft’s computer that you are allowed to use as they see fit.

  12. Anonymous said on June 17, 2023 at 7:40 pm

    >have you enabled the Registry change on your device(s)?

    No, because I don’t know what to change or where.

  13. John G. said on June 17, 2023 at 7:15 pm

    A friend of mine enabled the patch days ago and nothing has gone wrong so far. However, another friend of mine received a problem notification about fTPM even without applying the patch. So, a must-see!

    1. John G. said on June 17, 2023 at 7:58 pm

      I have enabled it hours ago and everything is working fine here. Printers included, LOL.

      1. John G. said on June 18, 2023 at 12:18 am

        Here is the content of some *.reg files that apply the fix (not enabled by default) for the kernel exploit on Windows 10 versions 1607, 1809, 20H2, 21H2 and 22H2, Windows 11 versions 21H2 and 22H2, and Windows Server 2022 (KB5028407):

        For Windows 11 22H2:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
        "4237806220"=dword:00000001

        For Windows 11 21H2:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
        "4204251788"=dword:00000001

        For Windows 10 20H2, 21H2, 22H2:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
        "4103588492"=dword:00000001

        For Windows Server 2022:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
        "4137142924"=dword:00000001

        For Windows 10 1607, 1809:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager]
        "LazyRetryOnCommitFailure"=dword:00000000

  14. LaurentG said on June 17, 2023 at 5:58 pm

    On my laptop (Win10 22H2), I can’t see any trace of KB5028407, and I don’t know if it was actually part of the June 2023 Windows update.

    Moreover, the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides doesn’t exist (whereas that is where I would be supposed to create a DWORD value named 4103588492 to activate the patch).
    Actually there is nothing in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies, and Msoft’s doc doesn’t say to create the subkeys Microsoft\FeatureManagement\Overrides, but only to create a value inside this subkey…

    Strange. Error in Msoft’s doc?

    In the meantime, I won’t do anything!

    So

    1. Martin Brinkmann said on June 17, 2023 at 6:45 pm

      You need to create the keys in the Registry if they do not exist. The instructions are lacking, that is for sure.
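A check-and-enable script for the registry override discussed in the comments above, added here as an example (it is not from the article, the commenters or Microsoft). It reuses the override value names quoted in the posted .reg files; the mapping from OS build number to value name is the script's own assumption and should be verified against the KB5028407 article.

```powershell
# Added example: report whether the KB5028407 mitigation override is set for the
# running Windows build and, with -Enable, set it, creating the Overrides key when
# it is missing (the situation described in the comments). Run from an elevated
# PowerShell; the build -> value-name mapping below is an assumption of this script.
param([switch]$Enable)

$overridePath = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$build    = [int]$os.BuildNumber
$isServer = $os.ProductType -ne 1          # 1 = workstation, 2/3 = server

# Assumed build -> override value name (IDs as quoted in the .reg files above)
$valueName = switch ($true) {
    ($isServer -and $build -eq 20348) { '4137142924'; break }   # Windows Server 2022
    ($build -eq 22621)                { '4237806220'; break }   # Windows 11 22H2
    ($build -eq 22000)                { '4204251788'; break }   # Windows 11 21H2
    ($build -in 19042, 19044, 19045)  { '4103588492'; break }   # Windows 10 20H2/21H2/22H2
    default                           { $null }
}
if (-not $valueName) {
    Write-Warning "Build $build is not covered here (Windows 10 1607/1809 use a different key); see KB5028407."
    return
}

# Read the current state; a missing key or value simply yields $null
$current = (Get-ItemProperty -Path $overridePath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($current -eq 1) {
    Write-Output "KB5028407 mitigation already enabled ($valueName = 1)."
    return
}
Write-Output "KB5028407 mitigation NOT enabled for build $build (current value: '$current')."

if ($Enable) {
    # The Overrides key is usually absent; New-Item -Force creates the whole path
    if (-not (Test-Path -Path $overridePath)) {
        New-Item -Path $overridePath -Force | Out-Null
    }
    New-ItemProperty -Path $overridePath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    # Read the value back to confirm the write; the change takes effect after a restart
    $after = (Get-ItemProperty -Path $overridePath -Name $valueName).$valueName
    Write-Output "Set $valueName = $after under Overrides; restart the device to apply."
}
```

Running it without -Enable only reports the state, which is the mode to use when auditing a fleet before deciding whether to roll the change out.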
