Windows 10 KB5055612 Preview Update Addresses WSL2 GPU Bug and Kernel Security

Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2, addressing a critical GPU paravirtualization issue in Windows Subsystem for Linux 2 (WSL2) and enhancing kernel security. This update, labeled Build 19045.5796, was rolled out to the Release Preview Channel on April 14, 2025, followed by a public preview on April 22, 2025¹. The fixes target developers using GPU-accelerated workloads in WSL2 and mitigate enterprise risks through driver blocklist updates.

TL;DR: Key Takeaways

WSL2 GPU Fix: Resolves case-sensitive bug affecting GPU acceleration in Linux workloads
Security Update: Expands Windows Kernel Vulnerable Driver Blocklist to prevent BYOVD attacks
Compatibility Note: Known issues with Citrix Session Recording Agent require workaround
Availability: Optional update via Microsoft Update Catalog or Windows Update

Technical Details of the WSL2 GPU Fix

The update corrects a case-sensitive validation error in WSL2’s GPU paravirtualization checks that previously caused failures when passing GPU resources to Linux distributions. This specifically impacts machine learning workflows, graphical applications, and CUDA-based development environments running under WSL2². Microsoft’s release notes confirm the fix maintains backward compatibility with existing GPU-PV drivers while enforcing proper case handling in driver validation routines.

For security teams managing development environments, this resolves scenarios where case mismatches in driver paths could break GPU acceleration without clear error messages. The update applies to all WSL2 installations regardless of the underlying GPU vendor (NVIDIA, AMD, or Intel).

Kernel Security Enhancements

KB5055612 introduces an updated version of the DriverSiPolicy.p7b file, which adds new entries to Microsoft’s Vulnerable Driver Blocklist. This specifically mitigates Bring Your Own Vulnerable Driver (BYOVD) attacks by preventing the loading of known exploited drivers³. The blocklist now covers additional drivers abused in recent privilege escalation campaigns, though Microsoft has not disclosed specific CVEs addressed.

The policy update follows Microsoft’s documented BYOVD mitigation strategy of maintaining a dynamically updated blocklist rather than relying solely on driver signature enforcement. Enterprises can verify the updated blocklist version through PowerShell:

Get-SystemDriver | Where-Object {$_.Blocked -eq $true} | Format-Table -AutoSize

Deployment Considerations

Organizations should note two documented compatibility issues before deployment. The update may fail on systems with Citrix Session Recording Agent 2411 installed, requiring temporary disabling of the Session Recording Monitoring service. Additionally, some systems may log false Event Viewer errors (ID 7023) related to SgrmBroker.exe, though these do not indicate actual service failures¹.

The update follows Microsoft’s standard preview release process, meaning it will be automatically included in the May 2025 Patch Tuesday cumulative update. IT administrators can test the update early through these channels:

Method	Details
Microsoft Update Catalog	Direct download package
Windows Update	Optional update requiring manual “Download and install” prompt

Security Implications

For security teams, the driver blocklist updates provide proactive protection against known attack vectors, particularly in environments where users might install unsigned or outdated drivers. The WSL2 fixes reduce support overhead for development teams using GPU-accelerated Linux tools, though organizations should still monitor for the documented compatibility issues.

With Windows 10’s end of support approaching on October 14, 2025, these updates demonstrate Microsoft’s continued commitment to maintaining stability and security for organizations still transitioning to Windows 11. The Release Preview Channel validation process suggests these fixes have undergone enterprise-level testing prior to public release⁴.