Microsoft Vulnerable Driver Blocklist Synchronization Issue

Vulnerability

A synchronization issue has been identified between the on-endpoint Microsoft vulnerable driver blocklist and the online recommended driver block rules. Some entries in the online list have been excluded from the on-endpoint blocklist for longer than the usual monthly Windows update cycle. This issue affects various Windows versions, including Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025. The root cause lies in the compatibility-focused driver blocklist provided by Windows Update for general users, which does not fully align with the comprehensive blocklist available for advanced users and organizations.

Impact

This desynchronization can lead to vulnerable drivers remaining active on endpoints, potentially allowing exploitation of known driver vulnerabilities in the Windows kernel.

Remediation

To synchronize the driver blocklist, the Microsoft recommended driver block rules can be applied using Windows Defender Application Control (WDAC) policies. Instructions for downloading and applying the vulnerable driver blocklist are available on the Microsoft Download Center.
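The check a defender would run before and after applying the blocklist, as an added example that is not part of this advisory or of Microsoft's own instructions: it reads the code-integrity enforcement state from the Win32_DeviceGuard CIM class, lists the WDAC policies active on the endpoint with citool.exe, and optionally applies a downloaded blocklist policy. It assumes an elevated session on a Windows build that ships citool.exe (Windows 11 22H2 or later); the policy file path is a placeholder.

```powershell
# Added example (not from the advisory): report WDAC / driver-blocklist enforcement
# state on this endpoint and optionally apply a freshly downloaded Microsoft
# recommended driver block rules policy (SiPolicy.p7b from the Download Center).
param(
    # Placeholder: path to the SiPolicy.p7b extracted from the downloaded package.
    [string]$BlocklistPolicyPath = ''
)

# Win32_DeviceGuard exposes the kernel-mode and user-mode CI policy state:
# 0 = off, 1 = audit mode, 2 = enforced.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard
$state = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
Write-Host ('Kernel-mode CI policy: {0}' -f $state[[int]$dg.CodeIntegrityPolicyEnforcementStatus])
Write-Host ('User-mode CI policy:   {0}' -f $state[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus])

$citool = Join-Path $env:SystemRoot 'System32\citool.exe'
if (-not (Test-Path $citool)) {
    Write-Warning 'citool.exe not found; this build cannot list or update WDAC policies this way.'
    return
}

# List the active policies so the on-endpoint blocklist version can be compared
# with the version in the downloaded package.
Write-Host 'Active WDAC policies:'
& $citool --list-policies

if ($BlocklistPolicyPath) {
    if (-not (Test-Path $BlocklistPolicyPath)) {
        throw "Policy file not found: $BlocklistPolicyPath"
    }
    # Stage the downloaded blocklist policy and activate it without a reboot.
    & $citool --update-policy $BlocklistPolicyPath
    & $citool --refresh
    Write-Host 'Blocklist policy applied; re-run without -BlocklistPolicyPath to confirm it is listed.'
}
```

Run it once to capture the baseline, then again with -BlocklistPolicyPath pointing at the extracted SiPolicy.p7b; the second listing should show the newer blocklist policy version.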

Added: Sep 8, 2025, 3:28 PM
Updated: Sep 8, 2025, 4:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 2.8
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.