Microsoft has finally fixed the issue that prevented the vulnerable driver blocklist from being copied to older versions of Windows. The blocklist is designed to prevent the threat of vulnerable drivers that look legitimate from being installed on systems. The vulnerable drivers are then exploited allowing hackers to gain access to your system. This is a common method of exploiting Windows machines discussed in hacker groups. The exploit was discovered by security analyst Will Dorman last month.
Microsoft has acknowledged Dorman’s findings and promised to fix the issue in its documentation as well as a future software update. The issue was fixed in the October 2022 preview update, the blocklist now syncs properly across Windows 10 and Windows 11.
Thanks for all the feedback. We have updated the online docs and added a download with instructions to apply the binary version directly. We’re also fixing the issues with our servicing process which has prevented devices from receiving updates to the policy.
— Jeffrey Sutherland (@j3ffr3y1974) October 6, 2022
Starting with Windows 11 2022, the blocklist is enabled by default, though there is a toggle to disable it, the toggle doesn’t appear to be active at this time. Third-party registry edits are available to adjust the toggle but are not recommended.
