CVE-2022-21836: Windows Certificate Spoofing Vulnerability

What security feature is bypassed with this vulnerability?

A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked even if present in the Windows Platform Binary Table (WPBT).

In addition, Microsoft recommends customers use Windows Defender Application Control (WDAC) to limit what is allowed to run on their devices. WDAC policy is also enforced for binaries included in the WPBT and should mitigate this issue. We recommend customers implement a WDAC policy that is as restrictive as practical for their environment. You can find documentation on WDAC on https://docs.microsoft.com.