Windows 11 kernel-mode hardware-enforced stack protection is off error spotted


After the latest Windows Defender update, Windows 11 users report that Windows Security shows a new “Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable” warning. The warning doesn’t go away when users try to enable the feature, likely due to issues with drivers.

The warning has been added to the Windows Security app in the latest update for Windows 11 version 21H2 or newer. This change is rolling out as part of a mandatory security update and is installed automatically.

The option to toggle on the Kernel-mode Hardware-enforced Stack Protection feature replaces Local Security Authority (LSA), which hasn’t been working properly since March 2023 cumulative updates. Unfortunately, Windows Security has been hit by a new warning that claims “Kernel-mode Hardware-enforced Stack Protection is off”.

Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable


However, it doesn’t appear to be a reporting glitch this time. Instead, if you’re running into “Kernel-mode Hardware-enforced Stack Protection is off. Your device may be vulnerable” warnings, it is likely that a driver or app is preventing the feature from working.

The Windows Security app isn’t good at detecting the incompatible driver, and it may be impossible for users to troubleshoot the problem.

For those unaware, “Hardware-enforced Stack Protection” is a new Windows 11 feature that enables apps or games to leverage local CPU hardware to safeguard their code. It aims to protect the memory stack, which is the place where app code is stored during the execution of the program.

The security feature can protect the code by managing the memory stack through modern CPU hardware and shadow stacks (the code’s execution order). It is a hardware-based security feature in newer processors, and it won’t work with certain apps or drivers, such as outdated anti-cheat systems or keyboard/mouse drivers.
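To make the shadow stack idea concrete, here is a simplified software model, added as an illustration and not taken from Windows or from this article: every call records its return address twice, and a return is only allowed when both copies agree. All names in it (`struct cpu`, `cpu_call`, `cpu_ret`, `run_scenario`) and all addresses are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define DEPTH 16
enum ret_status { RET_OK = 0, RET_CONTROL_PROTECTION_FAULT = 1, RET_UNDERFLOW = 2 };

/* Toy CPU model (constructed): a writable data stack plus a shadow stack
 * that ordinary stores cannot reach. */
struct cpu {
    uint64_t data_stack[DEPTH];   /* return addresses sit beside writable data */
    uint64_t shadow_stack[DEPTH]; /* written only by call, read only by ret */
    size_t sp;                    /* both stacks move in lockstep in this model */
};

/* CALL: the return address is pushed to both stacks. */
int cpu_call(struct cpu *c, uint64_t return_addr) {
    if (c->sp >= DEPTH) return -1;
    c->data_stack[c->sp] = return_addr;
    c->shadow_stack[c->sp] = return_addr;
    c->sp++;
    return 0;
}

/* A memory-corruption bug, modelled as a store that reaches the data stack only. */
void corrupt_return_slot(struct cpu *c, size_t frame, uint64_t value) {
    if (frame < c->sp) c->data_stack[frame] = value;
}

/* RET: pop both copies and compare; a mismatch faults instead of jumping. */
enum ret_status cpu_ret(struct cpu *c, uint64_t *target) {
    if (c->sp == 0) return RET_UNDERFLOW;
    c->sp--;
    if (c->data_stack[c->sp] != c->shadow_stack[c->sp])
        return RET_CONTROL_PROTECTION_FAULT;
    *target = c->data_stack[c->sp];
    return RET_OK;
}

/* Two nested calls; optionally overwrite the inner frame's return address. */
enum ret_status run_scenario(int tamper) {
    struct cpu c = {0};
    uint64_t target = 0;
    cpu_call(&c, 0x1000);          /* constructed addresses */
    cpu_call(&c, 0x2000);
    if (tamper) corrupt_return_slot(&c, 1, 0xdeadbeef);
    enum ret_status s = cpu_ret(&c, &target);
    if (s != RET_OK) return s;
    return cpu_ret(&c, &target);
}
```

A driver that manipulates its own return addresses in non-standard ways would trip the same comparison, which is why such drivers are incompatible with the feature.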

For example, you won’t be able to enable the feature if you have Riot Vanguard. In order to enable the feature, you’ll need to uninstall the app.

Windows Latest understands that Microsoft is exploring a better way to detect and flag incompatible drivers, so users can make changes.

It is worth noting that the warning in the Windows Security app that your device is “vulnerable” doesn’t necessarily mean your device is under attack. Hopefully, Microsoft will improve the Windows Security app’s warnings sooner rather than later for everyone.