CVE-2023-32019 (KB5028407) requires an additional registry value be configured to enable the fix; I put together some scripts that can be used via #ConfigMgr DCM to detect/remediate, as well as handle the different OS builds and registry paths/settings. I also recently updated this to include similar scripts that can be used via #Intune [Proactive] Remediation - https://ajf8729.com/post/cve-2023-32019-kb5028407-registry-settings/