Reply to post: dubious "fix" for QueryWorkingSetEx

New side-channel leak: Boffins bash operating system page caches until they spill secrets

Michael Wojcik Silver badge

dubious "fix" for QueryWorkingSetEx

The fix requires the PROCESS_QUERY_INFORMATION flag for QueryWorkingSetEx instead of PROCESS_QUERY_LIMITED_INFORMATION, so less privileged processes cannot directly access page cache information.

This approach - requiring higher privileges for an existing function - has limited merit. Applications which rely on the function (here QueryWorkingSetEx) will either lose functionality, or more likely will be changed to run with higher privilege; so vulnerabilities in those applications become more dangerous.

The Windows security model is already flawed with respect to a number of query operations. For example, excess privilege is needed to query whether a known process is still running - a common requirement, and not one that should require special privilege. The benefit of removing that side channel is dwarfed by the privilege leak.

PROCESS_QUERY_LIMITED_INFORMATION was introduced in Vista / Server 2008 (if memory serves) specifically to improve privilege granularity, following the principle of least privilege. This change reduces its usefulness.
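The access-right change the comment above describes can be checked directly on any given Windows build. The following PowerShell script is an added example, not code from the comment, the article or Microsoft: it opens a handle to the current process three times, each with a different access mask (the two rights named in the comment plus the PROCESS_QUERY_INFORMATION | PROCESS_VM_READ combination that the QueryWorkingSetEx documentation lists), and calls QueryWorkingSetEx on one private page through each handle. Because the target is the caller's own process, no elevated rights are needed and no other process is touched; OpenProcess always grants the requested mask, so what the script shows is the access the kernel demands on the handle at query time. The class name WsProbe, the Probe helper and the result formatting are this example's own; the constants are the Win32 values.

```powershell
# Added example, not part of the original comment or of Microsoft's code.
# Probes which process access right the running Windows build demands for
# QueryWorkingSetEx by querying one page of the *current* process through
# handles opened with different access masks.
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

public static class WsProbe   // helper class name is this example's own
{
    public const uint PROCESS_VM_READ                   = 0x0010;
    public const uint PROCESS_QUERY_INFORMATION         = 0x0400;
    public const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    public const int  ERROR_ACCESS_DENIED               = 5;

    [StructLayout(LayoutKind.Sequential)]
    public struct PSAPI_WORKING_SET_EX_INFORMATION
    {
        public IntPtr  VirtualAddress;
        public UIntPtr VirtualAttributes;   // bit 0 set = page is resident in the working set
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint desiredAccess, bool inheritHandle, uint processId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    [DllImport("psapi.dll", SetLastError = true)]
    static extern bool QueryWorkingSetEx(IntPtr process, ref PSAPI_WORKING_SET_EX_INFORMATION info, uint size);

    // Opens the current process with exactly 'access', queries 'address' through that
    // handle and returns 0 on success (resident = page is in the working set),
    // otherwise the Win32 error code from OpenProcess or QueryWorkingSetEx.
    public static int Probe(uint access, IntPtr address, out bool resident)
    {
        resident = false;
        IntPtr h = OpenProcess(access, false, (uint)Process.GetCurrentProcess().Id);
        if (h == IntPtr.Zero) return Marshal.GetLastWin32Error();
        try
        {
            var info = new PSAPI_WORKING_SET_EX_INFORMATION { VirtualAddress = address };
            uint size = (uint)Marshal.SizeOf(typeof(PSAPI_WORKING_SET_EX_INFORMATION));
            if (!QueryWorkingSetEx(h, ref info, size))
                return Marshal.GetLastWin32Error();
            resident = (info.VirtualAttributes.ToUInt64() & 1UL) != 0;
            return 0;
        }
        finally { CloseHandle(h); }
    }
}
"@

# One private page, touched so that it is resident whenever the query is allowed.
$page = [Runtime.InteropServices.Marshal]::AllocHGlobal(4096)
[Runtime.InteropServices.Marshal]::WriteByte($page, 1)

$masks = [ordered]@{
    'PROCESS_QUERY_LIMITED_INFORMATION'           = [WsProbe]::PROCESS_QUERY_LIMITED_INFORMATION
    'PROCESS_QUERY_INFORMATION'                   = [WsProbe]::PROCESS_QUERY_INFORMATION
    'PROCESS_QUERY_INFORMATION | PROCESS_VM_READ' = [WsProbe]::PROCESS_QUERY_INFORMATION -bor [WsProbe]::PROCESS_VM_READ
}

foreach ($name in $masks.Keys) {
    $resident = $false
    $err = [WsProbe]::Probe([uint32]$masks[$name], $page, [ref]$resident)
    if ($err -eq 0) {
        "{0,-45} OK   (page resident: {1})" -f $name, $resident
    } elseif ($err -eq [WsProbe]::ERROR_ACCESS_DENIED) {
        "{0,-45} ERROR_ACCESS_DENIED" -f $name
    } else {
        "{0,-45} Win32 error {1}" -f $name, $err
    }
}

[Runtime.InteropServices.Marshal]::FreeHGlobal($page)
```

Run it from an unelevated PowerShell. A build that still accepts the limited right prints OK on the first line; a build carrying the fix the comment objects to prints ERROR_ACCESS_DENIED there and OK only for handles that include PROCESS_QUERY_INFORMATION, which is exactly the extra grant an application would have to request (and, against other users' processes, the extra privilege it would have to run with) to keep using the call.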
