Description
The Microsoft vulnerable driver block list is implemented as a Windows Defender Application Control (WDAC) policy. On systems that do not have hypervisor-protected code integrity (HVCI) enabled, entries that specify only the to-be-signed (TBS) part of the signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as a file name or version) will not be blocked. This vulnerability affects any system that does not have HVCI enabled but supports it (HVCI is available in Windows 10, Windows 11, and Windows Server 2016 and later). NOTE: The vendor states that the block list is intended for use with HVCI, while systems without HVCI should use App Control, where a custom policy requires a more granular approach for proper enforcement.
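The description distinguishes two kinds of block list entries: signer rules carrying only a TBS hash, and signer rules that add a FileAttribRef qualifier. The PowerShell script below is an added example, not part of this record or of Microsoft's tooling: on a Windows host it reports whether HVCI is running (Win32_DeviceGuard, where the value 2 in SecurityServicesRunning denotes HVCI) and then classifies the TBS signer rules in a WDAC policy XML by whether they reference a FileAttrib rule. The -PolicyXmlPath parameter and the assumption that the input is the XML form of the policy (as published on the Microsoft recommended driver block rules page) are mine; the element names used (SiPolicy, Signers/Signer, CertRoot, FileAttribRef, FileRules/FileAttrib) are those of the WDAC policy schema.

```powershell
# Added example (not from the advisory or from Microsoft). On a Windows host,
# report whether HVCI is running and list which TBS signer rules in a WDAC
# policy XML depend on a FileAttribRef qualifier. -PolicyXmlPath is an
# assumed parameter: point it at the XML form of the driver block list policy.
param(
    [Parameter(Mandatory = $true)]
    [string]$PolicyXmlPath
)

# 1. HVCI state. In Win32_DeviceGuard, the value 2 in SecurityServicesRunning
#    means HVCI (memory integrity) is currently running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvciRunning = @($dg.SecurityServicesRunning) -contains 2
Write-Host ("HVCI running: {0}" -f $hvciRunning)

# 2. Load the policy XML. Dot navigation ignores the sipolicy XML namespace.
[xml]$policy = Get-Content -Path $PolicyXmlPath -Raw

# Index FileAttrib rules by ID so the qualifier can be shown next to its signer.
$fileAttribs = @{}
foreach ($fa in @($policy.SiPolicy.FileRules.FileAttrib)) {
    if ($fa) { $fileAttribs[$fa.ID] = $fa }
}

$tbsOnly        = New-Object System.Collections.Generic.List[object]
$withFileAttrib = New-Object System.Collections.Generic.List[object]

# 3. Classify every signer rule whose CertRoot is a TBS hash.
foreach ($signer in @($policy.SiPolicy.Signers.Signer)) {
    if (-not $signer -or $signer.CertRoot.Type -ne 'TBS') { continue }
    # A signer may carry zero, one or several FileAttribRef children; normalise to an array.
    $refs = @($signer.FileAttribRef) | Where-Object { $_ }
    if ($refs.Count -eq 0) {
        $tbsOnly.Add([pscustomobject]@{ Signer = $signer.Name; TBS = $signer.CertRoot.Value })
    } else {
        foreach ($ref in $refs) {
            $fa = $fileAttribs[$ref.RuleID]
            $withFileAttrib.Add([pscustomobject]@{
                Signer     = $signer.Name
                TBS        = $signer.CertRoot.Value
                FileName   = $fa.FileName
                MinVersion = $fa.MinimumFileVersion
                MaxVersion = $fa.MaximumFileVersion
            })
        }
    }
}

Write-Host ("TBS-only signer rules (blocked with or without HVCI per the description): {0}" -f $tbsOnly.Count)
Write-Host ("TBS + FileAttribRef rules (described as not blocked without HVCI):        {0}" -f $withFileAttrib.Count)

# 4. On a host where HVCI is not running, surface the entries that the description
#    says are not enforced, so the gap can be covered by enabling HVCI or by a
#    custom App Control policy.
if (-not $hvciRunning -and $withFileAttrib.Count -gt 0) {
    Write-Warning "HVCI is not running; the following block list entries may not be enforced on this host:"
    $withFileAttrib | Format-Table -AutoSize
}
```

Run it as `.\Check-DriverBlockList.ps1 -PolicyXmlPath .\SiPolicy.xml` (script name assumed). The count of TBS + FileAttribRef rules is the set to review on hosts that cannot run HVCI; enabling HVCI, as the second reference describes, restores enforcement for them.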
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules
https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity
https://x.com/JonnyJohnson_/status/1895103112924307727