Anyone running Windows Defender AV can enable one of the Attack Surface Reduction rules to do just this.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-abuse-of-exploited-vulnerable-signed-drivers
No MDE licence necessary. This one blocks attempts to write known-vulnerable drivers to disk.
Additionally the Vulnerable Driver Blocklist has been available since Windows 10 1809 and is enabled by default in Windows 11 22H2.
This one blocks vulnerable drivers from being loaded by Windows even if they’re already installed.
Stops BYOVD attacks, at least for known-vulnerable drivers.
I know there’s been a lot of whinging on Reg about the hardware requirements for Windows 11, well most of those strict requirements are for the hardware security features that allow for robust HVCI which in turn allows for these controls.