diff --git a/debian/control b/debian/control
index 33fe7d4..bfabc0f 100644
--- a/debian/control
+++ b/debian/control
@@ -103,6 +103,9 @@ Description: enhances misc security settings
  /lib/systemd/system/hide-hardware-info.service
  /lib/systemd/system/user@.service.d/sysfs.conf
  /etc/hide-hardware-info.d/30_default.conf
+ .
+  * The MSR kernel module is blacklisted to prevent CPU MSRs from being
+ abused to write to arbitrary memory.
  .
  Improve Entropy Collection
  .
diff --git a/etc/modprobe.d/msr.conf b/etc/modprobe.d/msr.conf
new file mode 100644
index 0000000..c9a39bf
--- /dev/null
+++ b/etc/modprobe.d/msr.conf
@@ -0,0 +1,3 @@
+# Blacklist CPU MSRs as they can be abused to write to
+# arbitrary memory.
+install msr /bin/false