Security News > 2022 > October > Microsoft fixes Windows vulnerable driver blocklist sync issue

Microsoft says it addressed an issue preventing its vulnerable driver blocklist from being synced to systems running older Windows versions.

This blocklist is designed to block threat actors from dropping legitimate but vulnerable drivers on targets' systems in Bring Your Own Vulnerable Driver attacks on HVCI-enabled Windows machines or those running Windows in S Mode.

Although Microsoft has been advertising its driver blocklist as capable of hardening Windows systems against vulnerable third-party drivers, ANALYGENCE security analyst Will Dormann found that wasn't the case.

As Dormann discovered, unlike Windows 11 devices, even up-to-date Windows 10 and Windows Server systems were being provided with an outdated list of vulnerable drivers from December 2019, exposing customers who thought they were protected to BYOVD attacks.

More than a month after Dormann revealed that the list of vulnerable drivers wasn't kept up to date on Windows 10 and some Windows Server systems, Microsoft has now finally addressed this issue.

Redmond has addressed the driver blocklist sync issue with the October 2022 preview release, which will also ensure that the blocklist on older OS versions will be the same as the up-to-date one on Windows 11 21H2 and later.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-vulnerable-driver-blocklist-sync-issue/