CVE-2022-50238

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues.

Published: Sep 8, 2025
Updated: Nov 4, 2025
CVE: CVE-2022-50238
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-820

Affected Software
References

No affected software listed.

https://github.com/wdormann/applywdac
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules

Vulnerability Database

CVE-2022-50238

Deep Security Visibility Without the Complexity