CVE-2022-50238

CWE-820CWE-1843 documents3 sources
Severity
7.4HIGH
EPSS
0.0%
top 86.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Windows
Timeline
PublishedSep 8

Description

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the f

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft/windows10Server 2025

🔴Vulnerability Details

2
GHSA
GHSA-m379-7mfm-wqr6: The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules2025-09-08
CVEList
CVE-2022-50238: The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules2025-09-08
CVE-2022-50238 (HIGH CVSS 7.4) | The on-endpoint Microsoft vulnerabl | cvebase.io