CVE-2022-50238
HIGHDescription
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2022-50238? +
How severe is CVE-2022-50238? +
How do I check if I'm vulnerable to CVE-2022-50238? +
Related Vulnerabilities
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing …
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks …
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent memcg_reparent_list_lrus() clears …
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an …
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.