CVE-2022-50238
BaseFortify
Publication date: 2025-09-08
Last updated on: 2025-11-17
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-820 | The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. |
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the on-endpoint Microsoft driver blocklist not being fully synchronized with the online Microsoft recommended driver block rules. Some drivers that should be blocked according to the online list remain unblocked on the endpoint because the local blocklist is not updated as frequently as expected. This desynchronization can allow potentially harmful or incompatible drivers to run on the system unless the full driver blocklist is applied using Windows Defender Application Control (WDAC) policies.
How can this vulnerability impact me?
Because the on-endpoint driver blocklist is incomplete, some problematic or malicious drivers that are blocked in the online list may still be allowed to run on your system. This can lead to security risks such as system instability, compatibility issues, or exploitation by malicious drivers. Applying the full driver blocklist via WDAC policies can mitigate this risk by fully synchronizing the blocklist and preventing execution of unwanted drivers.