Vulnerable Driver Blocklist is a security feature under Microsoft's Core Isolation umbrella for Windows. For those unfamiliar with Core Isolation itself, it is a collection of capabilities that protect "core" Windows processes from malicious software by isolating them in memory. The Vulnerable Driver Blocklist falls within this category because it is essentially a list of drivers that are blocked by default from ever loading in Windows.
The Vulnerable Driver Blocklist is the result of an ongoing collaboration between Microsoft and independent hardware vendors (IHVs) and OEMs. Whenever a driver vulnerability is reported, the Redmond tech giant works with vendors to patch the security threat and adds a driver version to the blocklist if the threat factor is significantly high and the risk of breaking compatibility is relatively low.
This is a particularly important aspect to understand. Microsoft's Vulnerable Driver Blocklist isn't exhaustive.
It doesn't list all the compromised drivers because blocking a driver without the user really knowing about it can cause a poor user experience on Windows, such as device malfunctions and the dreaded Blue Screen of Death (BSOD). This is exactly why maintaining the list is always a careful balancing act for Microsoft.
The Vulnerable Driver Blocklist is updated through Windows Update during feature updates, which means that it is modified roughly 1-2 times a year. Whenever a driver vendor issues an update for their compromised software, they can contact Microsoft to update this blocklist.
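As an added check, not from the article: a PowerShell snippet (run from an elevated prompt) that reports whether the blocklist switch is enabled, whether memory integrity (HVCI) is running, and which Code Integrity block events were logged recently. The registry value name and the event ID are taken from Microsoft's Code Integrity documentation as I understand it; treat them as assumptions and confirm against your own build.

```powershell
# Added example (not from the article): check whether the Microsoft Vulnerable
# Driver Blocklist is enforced on this machine and list recent driver blocks.
# Run from an elevated PowerShell prompt.
# Assumptions: the registry value and event ID below are the ones Microsoft
# documents for this feature; adjust if your Windows build differs.

# 1. Blocklist enforcement switch (1 = enabled). This is the value behind the
#    "Microsoft Vulnerable Driver Blocklist" toggle in Core Isolation settings.
$ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$blocklist = (Get-ItemProperty -Path $ciConfig -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
switch ($blocklist) {
    1       { 'Vulnerable Driver Blocklist: ENABLED (registry value = 1)' }
    0       { 'Vulnerable Driver Blocklist: DISABLED (registry value = 0)' }
    default { 'Vulnerable Driver Blocklist: value not set (platform default applies)' }
}

# 2. Memory integrity (HVCI) status. The blocklist is applied on devices where
#    HVCI is on (Microsoft also applies it in some other configurations).
#    SecurityServicesRunning contains 2 when HVCI is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
if ($dg.SecurityServicesRunning -contains 2) {
    'Memory integrity (HVCI): running'
} else {
    'Memory integrity (HVCI): not running'
}

# 3. Recent Code Integrity block events. Event 3077 is logged when a driver or
#    binary is blocked by an enforced CI policy, which includes the blocklist.
#    Each line shows when the block happened and the first line of the message.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3077
    StartTime = (Get-Date).AddDays(-30)
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
```

No 3077 events in the last 30 days simply means nothing was blocked in that window; it does not by itself prove the blocklist is enforced, which is why the first two checks come first.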