CVE-2022-50238
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-11-17

Assigner: MITRE

Description
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2025-11-17
Generated
2026-06-16
AI Q&A
2025-09-08
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50238
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
CWE-820 The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the on-endpoint Microsoft driver blocklist not being fully synchronized with the online Microsoft recommended driver block rules. Some drivers that should be blocked according to the online list remain unblocked on the endpoint because the local blocklist is not updated as frequently as expected. This desynchronization can allow potentially harmful or incompatible drivers to run on the system unless the full driver blocklist is applied using Windows Defender Application Control (WDAC) policies.

Impact Analysis

Because the on-endpoint driver blocklist is incomplete, some problematic or malicious drivers that are blocked in the online list may still be allowed to run on your system. This can lead to security risks such as system instability, compatibility issues, or exploitation by malicious drivers. Applying the full driver blocklist via WDAC policies can mitigate this risk by fully synchronizing the blocklist and preventing execution of unwanted drivers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50238. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart