CVE-2022-50238

HIGH

Windows < Server 2025 - Incomplete Driver Blocklist Synchronization

Title source: llm

Description

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues.

References (2)

Core 2

Core References

Various Sources

https://github.com/wdormann/applywdac

View Writeup ZIP pw:eip

Vendor Advisory

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules

Scores

CVSS v3 7.4

EPSS 0.0022

EPSS Percentile 12.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-184 CWE-820

Status published

Products (1)

Microsoft/Windows 10 - Server 2025

Published Sep 08, 2025

Tracked Since Feb 18, 2026