Summary: Microsoft has identified five vulnerabilities in the BioNTdrv.sys driver used by Paragon Partition Manager, with one flaw, CVE-2025-0289, being actively exploited by ransomware groups for privilege escalation. These vulnerabilities enable attackers to elevate their privileges or cause denial-of-service scenarios, even if the Paragon software is not installed. Microsoft has introduced a Vulnerable Driver Blocklist to mitigate these risks, urging users to update to the latest software versions.
Affected: Paragon Software, Windows systems
Keypoints:
- Five vulnerabilities in the BioNTdrv.sys driver can lead to privilege escalation and denial-of-service attacks.
- Bring Your Own Vulnerable Driver (BYOVD) tactics allow attackers to exploit systems even when the Paragon software is not installed.
- Microsoft’s Vulnerable Driver Blocklist has been updated to protect users, who should verify that it is enabled.
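
One way to carry out the verification mentioned in the last keypoint, as an added example that is not part of the original summary and is not Microsoft's or Paragon's code. It assumes the blocklist toggle is stored in the registry value `VulnerableDriverBlocklistEnable` under `HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config` (a location not given on this page), and the function names are hypothetical.

```powershell
# Added example: report the Vulnerable Driver Blocklist state and look for BioNTdrv.sys.
# Run from an elevated PowerShell session on the host being checked.

function Get-BlocklistState {
    # Assumption: this registry value holds the blocklist toggle (1 = on, 0 = off).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $prop = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }   # value absent: state comes from defaults or policy
    if ($prop.VulnerableDriverBlocklistEnable -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Find-BioNTdrv {
    # Kernel driver services whose image path references BioNTdrv.sys,
    # whether or not Paragon Partition Manager itself is installed.
    $services = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match 'BioNTdrv\.sys' } |
        Select-Object Name, State, StartMode, PathName

    # Copies in the standard driver directory; a copy placed elsewhere is not covered here.
    $files = Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -Filter 'BioNTdrv.sys' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $_.FullName
                Version = $_.VersionInfo.FileVersion
                SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }

    [pscustomobject]@{ Services = @($services); Files = @($files) }
}

$state  = Get-BlocklistState
$driver = Find-BioNTdrv

"Vulnerable Driver Blocklist: $state"
if ($driver.Services.Count -or $driver.Files.Count) {
    'BioNTdrv.sys found; compare the version against the vendor''s fixed release:'
    $driver.Services | Format-Table -AutoSize
    $driver.Files    | Format-List
} else {
    'No BioNTdrv.sys driver service or file found in the standard driver directory.'
}
```

A `NotConfigured` result means the registry value is absent, not that the blocklist is off; confirm the effective setting in Windows Security under Core isolation.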