Windows 10 KB5049981 update released with new BYOVD blocklist

Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks.

The Windows 10 KB5049981 update is mandatory as it contains Microsoft’s January 2025 Patch Tuesday security updates.

Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’

However, as this update is mandatory, it will automatically start installing in Windows once you check for updates. To make this more manageable, you can schedule a time when your computer is restarted to finish the installation.

Windows 10 KB5049981 cumulative update preview

After installing this update, Windows 10 22H2 will be updated to build 19045.5371 and Windows 10 21H2 will be build 19044.5371.

Windows 10 users can also manually download and install the KB5049981 update from the Microsoft Update Catalog.

Microsoft also warns that there will be no Windows 10 preview updates in December due to the holidays. The preview updates will resume in January 2025.

What’s new in Windows 10 KB5049981

As this is the first Windows 10 update of 2025, and there were no preview updates released in December 2024, KB5049981 mainly contains security fixes.

However, the support bulletin does list one fix: an updated Windows Kernel Vulnerable Driver Blocklist policy file (DriverSiPolicy.p7b).

This blocklist file contains a list of Kernel drivers that are known to contain vulnerabilities that can be exploited to gain elevated privileges in Windows.

Threat actors commonly use vulnerable drivers in their attacks to elevate privileges so they can install rootkits or terminate EDR and antivirus software, which are normally protected from user-mode processes.

This new blocklist will prevent listed kernel drivers from being loaded in Windows.
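To confirm that a machine actually received the update and its blocklist file, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of Microsoft's bulletin or the original article; the build numbers and KB number come from the article, while the file path and registry locations are the standard Windows locations and are assumptions not stated on this page.

```powershell
# Added example: check for KB5049981 and the vulnerable driver blocklist on Windows 10.
$ExpectedUbr     = 5371                   # revision from the article (19045.5371 / 19044.5371)
$SupportedBuilds = @('19044', '19045')    # Windows 10 21H2 and 22H2

# Installed OS build and update revision (UBR).
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [string]$cv.CurrentBuild
$ubr   = [int]$cv.UBR

# The hotfix entry itself. A later cumulative update can replace this entry,
# so the build revision above is the primary signal.
$hotfix = Get-HotFix -Id 'KB5049981' -ErrorAction SilentlyContinue

# Blocklist policy file named in the article (path is an assumption, see lead-in).
$policyPath = Join-Path $env:windir 'System32\CodeIntegrity\driversipolicy.p7b'
$policy     = Get-Item -LiteralPath $policyPath -ErrorAction SilentlyContinue

# Blocklist toggle under the Code Integrity config key (assumption, see lead-in).
# The value may be absent; that is reported as 'not set' rather than treated as off.
$ciConfig = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                -ErrorAction SilentlyContinue
$flag = $ciConfig.VulnerableDriverBlocklistEnable

[pscustomobject]@{
    OsBuild            = "$build.$ubr"
    BuildInScope       = $SupportedBuilds -contains $build
    AtOrAboveKbBuild   = ($SupportedBuilds -contains $build) -and ($ubr -ge $ExpectedUbr)
    HotfixEntryPresent = [bool]$hotfix
    PolicyFilePresent  = [bool]$policy
    PolicyFileModified = if ($policy) { $policy.LastWriteTimeUtc } else { $null }
    PolicyFileSha256   = if ($policy) { (Get-FileHash -LiteralPath $policyPath -Algorithm SHA256).Hash } else { $null }
    BlocklistEnable    = if ($null -eq $flag) { 'not set' } else { [int]$flag }
} | Format-List
```

Comparing `PolicyFileSha256` across a fleet is a quick way to spot machines still carrying an older blocklist file.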

Microsoft says it is also aware of some known issues with the KB5049981 cumulative update.

The first known issue is that the update can prevent the OpenSSH (Open Secure Shell) service from starting, which can break SSH connections.

The other is a new issue where certain Citrix components may prevent the installation of this update.

“Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update,” reads the Microsoft support bulletin.

“This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024.”

More information can be found in the KB5049981 support bulletin.
