Awl on soap: Microsoft replaced the non-working LSA Protection function with a new one, but it also does not work!
“Hardware stack protection in kernel mode” has failed, users are furious.
The recent Microsoft Defender update in Windows 11 brought a new security feature called Kernel Mode Hardware Stack Protection which seems to have taken over from the LSA Protection feature as users no longer see it in the same settings section. Unfortunately, Microsoft did not provide detailed information on the innovation, which caused more questions than answers.
“Local Security Authority Protection” or “LSA Protection” is a security feature that protects sensitive information such as credentials from theft by protecting LSASS from injecting untrusted code and creating a dump.
Over the past month, many Windows 11 users complained that they can’t enable LSA Protection in the Windows Security “Core Isolation” settings. When trying to do this, the system simply offered to restart the computer to activate the function, but this also did not lead to the desired result.
Repeated LSA protection warning, reboot does not help
Microsoft later stated that these warnings can be safely ignored if the “power on + reboot” cycle has been performed at least once. And the warnings themselves could be disabled by editing the Windows registry.
The recent update of Microsoft Defender made the feature even more obscure, since now LSA Protection is not mentioned anywhere at all, but the “Hardware stack protection in kernel mode” feature has appeared.
Reportedly, “kernel mode hardware stack protection” is a security feature that tries to prevent control flow attacks based on ROPwhich can lead to the execution of malicious code.
However, to use this feature, your Windows device must have a processor. Intel Tiger Lake (11th generation) or AMD Zen3 (5000 series) and later. The system will only display the new setting if the required hardware is installed on the device.
As with the Memory Integrity feature, when hardware stack protection is enabled in kernel mode, Windows ensures that incompatible drivers are not loaded into the system. And if they already are, the stack protection feature will not be enabled and Windows will display a list of all incompatible drivers.
But here’s the catch, it looks like the feature doesn’t work the way Microsoft intended. Now Windows 11 users report that see security notices that a new feature has been disabled due to conflicting drivers. “Hardware stack protection in kernel mode is disabled. Your device may be vulnerable,” reads a warning in Windows Security Center.
However, when users examine the list of conflicting drivers, it turns out to be empty, which makes it unclear why this feature cannot be activated.
New Kernel Mode Stack Protection Hardware Setting Shows Error
Moreover, as it became known, the new feature may conflict with game anti-cheat drivers, causing Windows crashes or crashes from the game. The problem is relevant for a number of popular games such as PUBG, Valorant, Bloodhunt, Destiny 2, Genshin Impact, Phantasy Star Online 2 and DayZ. Gamers of all stripes are outraged!
It is still unclear whether the LSA Protection feature is included in the kernel-mode hardware stack protection by default, or whether it has been completely removed from the Windows settings interface. No comments from Microsoft that would answer all questions and eliminate this confusion have yet been received.