New Windows security option: Enable more aggressive blocklist which includes vulnerable drivers
The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.