Project Zero
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
James Forshaw of Google Project Zero has published a follow-up post on building a virtual memory access trap primitive on Windows. The primitive makes a reader or writer of a chosen virtual address stall for a significant length of time, which is useful when exploiting certain kernel bugs that read the same memory more than once.

In the earlier post, Forshaw proposed two ways to build the trap: backing the memory with a file on a remote SMB server, or abusing the Cloud Filter API. The 2025 update describes a third option. Windows 11 24H2 adds the ability to specify the destination TCP port of the SMB client from the command line. Because the port is no longer fixed, the client can be pointed at a fake SMB server listening on the local machine, so no remote server is needed. Forshaw has updated his example fake SMB server to bind to a non-standard port, which is enough to perform the attack entirely locally.

The trap primitive is what makes the class of vulnerabilities known as "False File Immutability" bugs exploitable, and using the new port option does not require administrator access. The feature ships in Windows 11 24H2, which is generally available, and is enabled by default. An administrator can disable it through Group Policy, but non-enterprise users are unlikely to change the setting. Forshaw believes that enabling the feature by default is a mistake that may cause problems for Windows in the future.

Overall, the change gives attackers a new, purely local way to exploit certain Windows vulnerabilities, and it illustrates why the security impact of a new operating system feature deserves careful consideration before it is turned on by default.