Windows Defender on Windows 11 and newer versions adds a new feature that blocks vulnerable drivers. The feature aims to help IT professionals protect users from malicious drivers.
Microsoft Vice President of OS Security and Enterprise David Weston tweeted on March 27th about the new Windows security option. The feature is enabled by default in Windows 10 in S mode and on devices that have the Memory Integrity Core Isolation feature, which relies on virtualization-based security. (This Core Isolation Memory Integrity feature is also known as Hypervisor-Protected Code Integrity, or HVCI). For more details, see this Microsoft article on recommended driver blocking rules.
This blocking feature relies on a list of blocked drivers maintained by Microsoft in collaboration with OEM partners. As explained on ghacks.net, drivers can be placed on the list because they have known vulnerabilities that can be exploited to elevate privileges in the Windows kernel. Drivers can also be blocked because they behave as malware, are signed with certificates used to sign malware, or exhibit behaviors that bypass the Windows security model and can be used to elevate privileges in the Windows kernel.
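To audit the defaults described above on a given machine, the following PowerShell function (an added example, not code from Microsoft or from the article) reports whether the blocklist is explicitly set and whether HVCI is actually running. The registry value `VulnerableDriverBlocklistEnable` and the `Win32_DeviceGuard` class are not named in the article; they are the locations Windows uses for these settings. S mode is not checked.

```powershell
# Added example: report vulnerable-driver-blocklist and HVCI state on the local machine.
function Get-DriverBlocklistPosture {
    [CmdletBinding()]
    param()

    # Registry value written when the blocklist toggle is set explicitly (1 = on, 0 = off).
    $ciConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $blocklist = $null   # $null = value absent, so the OS default applies
    try {
        $blocklist = (Get-ItemProperty -Path $ciConfig `
            -Name 'VulnerableDriverBlocklistEnable' -ErrorAction Stop).VulnerableDriverBlocklistEnable
    } catch {
        Write-Verbose "VulnerableDriverBlocklistEnable not present under $ciConfig"
    }

    # Device Guard WMI class: SecurityServicesRunning contains 2 when HVCI is running;
    # VirtualizationBasedSecurityStatus is 0 (off), 1 (enabled, not running) or 2 (running).
    $vbsStatus   = $null
    $hvciRunning = $false
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
        $vbsStatus   = $dg.VirtualizationBasedSecurityStatus
        $hvciRunning = $dg.SecurityServicesRunning -contains 2
    } catch {
        Write-Verbose "Win32_DeviceGuard query failed: $($_.Exception.Message)"
    }

    # Flag machines where the blocklist is switched off, or where nothing is set
    # and HVCI (which would turn it on by default) is not running.
    $needsReview = ($blocklist -eq 0) -or (($null -eq $blocklist) -and (-not $hvciRunning))

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        BlocklistRegistryValue = if ($null -eq $blocklist) { 'not set' } else { $blocklist }
        VbsStatus              = $vbsStatus
        HvciRunning            = $hvciRunning
        NeedsReview            = $needsReview
    }
}

Get-DriverBlocklistPosture
```

Run it from an elevated prompt with `-Verbose` to see which lookups failed; `NeedsReview` is a triage hint, not proof that the blocklist is inactive.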