Windows 10 KB5049981 update released with new BYOVD blocklist

Summary: Microsoft has released the mandatory KB5049981 cumulative update for Windows 10 22H2 and 21H2, which includes an updated kernel driver blocklist to mitigate Bring Your Own Vulnerable Driver (BYOVD) attacks. The update also addresses security vulnerabilities and includes fixes for known issues affecting OpenSSH and certain Citrix components.

Threat Actor: threat actors utilizing vulnerable drivers
Victim: Windows 10 users

Key Points:

  • The KB5049981 update includes an updated blocklist to prevent the loading of known vulnerable kernel drivers.
  • Users can manually install the update or schedule it to install automatically, with no preview updates scheduled for December 2024.
  • Known issues include potential disruptions to OpenSSH service and installation problems with certain Citrix components.

Source: https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5049981-update-released-with-new-byovd-blocklist/