After the latest Windows Defender update, Windows 11 users are reporting that Windows Security has issued a new “Kernel-mode Hardware-enforced Stack Protection has been disabled. Your device may be vulnerable” warning. The warning does not go away when users try to enable the feature, probably due to driver issues.
The alert was added to the Windows Security app in the latest update for Windows 11 version 21H2 or newer. This change is being rolled out as part of a mandatory security update and will be installed automatically.
The option to enable the hardware-enforced Stack Protection feature in kernel mode replaces the Local Security Authority (LSA), which has malfunctioned since the March 2023 cumulative updates. Unfortunately, Windows Security now shows a new warning claiming that “Kernel-mode Hardware-enforced Stack Protection is disabled”.
It doesn’t seem to be a notification error this time, though. Instead, if you encounter the “Kernel Mode Hardware-enforced Stack Protection is disabled. Your device may be vulnerable” warning, it is likely that a driver or app is preventing the feature from working.
The Windows Security app is not good at detecting the incompatible driver and it may be impossible for users to fix the problem.
For those who don’t know, “Hardware-enforced Stack Protection” is a new Windows 11 feature that allows apps or games to use the local CPU hardware to protect their code. It is intended to protect the memory stack, which is where application code is stored during program execution.
The security feature protects the code by managing the memory stack through modern CPU hardware and shadow stacks (a hardware-kept record of the code’s execution order). It is a hardware-based security feature of newer processors and does not work with certain apps or drivers, such as outdated anti-cheat systems or keyboard/mouse drivers.
For example, you cannot enable the feature if you have Riot Vanguard. To enable the feature, you must uninstall the app.
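A defender-side check for the situation described above, added here as an example and not taken from the article or from Microsoft: it reads the Win32_DeviceGuard CIM class (service codes 5 and 6 stand for kernel-mode HSP enforced and audit mode, as Microsoft documents them) and a policy registry key whose path is an assumption, then flags the “configured but not running” state that an incompatible driver produces.

```powershell
# Added example (not from the article): report kernel-mode Hardware-enforced
# Stack Protection status on a Windows 11 host. Run from an elevated prompt.
function Get-KernelHspStatus {
    [CmdletBinding()]
    param()

    # Service codes in SecurityServicesConfigured / SecurityServicesRunning,
    # per Microsoft's Device Guard documentation:
    #   5 = kernel-mode HSP enforced, 6 = kernel-mode HSP in audit mode.
    $codeEnforced = 5
    $codeAudit    = 6

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # ASSUMPTION: the Windows Security toggle stores its setting as Enabled=1
    # under this key. Adjust if your build uses a different location.
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\KernelShadowStacks'
    $policy  = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue

    $configured = @($dg.SecurityServicesConfigured)
    $running    = @($dg.SecurityServicesRunning)

    [pscustomobject]@{
        VbsRunning        = ($dg.VirtualizationBasedSecurityStatus -eq 2)  # 2 = running
        PolicyEnabled     = [bool]($policy.Enabled -eq 1)
        ConfiguredEnforce = ($configured -contains $codeEnforced)
        ConfiguredAudit   = ($configured -contains $codeAudit)
        RunningEnforce    = ($running -contains $codeEnforced)
        RunningAudit      = ($running -contains $codeAudit)
    }
}

$status = Get-KernelHspStatus
$status | Format-List

# The symptom from the article: the setting is switched on but the service
# never starts, which is what a blocking (incompatible) driver looks like.
if ($status.PolicyEnabled -and -not ($status.RunningEnforce -or $status.RunningAudit)) {
    Write-Warning 'Kernel-mode HSP is configured but not running; review Core isolation > Incompatible drivers.'
}
```

Compare the output before and after removing a suspected driver or app (such as the anti-cheat software mentioned above) to confirm that it was the blocker.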
Proxa News understands that Microsoft is exploring a better way to detect and flag incompatible drivers so that users can act on the warning.
It’s worth noting that the warning in the Windows Security app that your device is “vulnerable” doesn’t necessarily mean your device is under attack. Hopefully, Microsoft will improve Windows Security app alerts for everyone sooner rather than later.