Microsoft discovers five potentially damaging attacks against its own software

Microsoft patches Paragon Partition Manager, after finding five flaws in a kernel-level driver
One of the flaws was being actively used to drop ransomware
The driver can be abused even without the partition manager installed

Hackers are using a vulnerable Windows driver to escalate privileges through Microsoft software, allowing possible ransomware attacks via zero-days.

Microsoft confirmed the findings when it added the affected version of the driver to its Vulnerable Driver Blocklist – and at the same time, it patched five flaws in the flawed software and urged users to apply updates as soon as possible.

The flaws were apparently found in BioNTdrv.sys, a kernel-level driver for a piece of software called Paragon Partition Manager. Cybercriminals who already managed to gain some access to a target endpoint would either use this driver (if the software is installed on the device), or drop it, to gain SYSTEM privileges in Windows, used to mount ransomware attacks.

Checking the blocklist

“An attacker with local access to a device can exploit these vulnerabilities to escalate privileges or cause a denial-of-service (DoS) scenario on the victim’s machine,” CERT/CC said. “Additionally, as the attack involves a Microsoft-signed Driver, an attacker can leverage a Bring Your Own Vulnerable Driver (BYOVD) technique to exploit systems even if Paragon Partition Manager is not installed. “

Microsoft said four of the flaws affected Paragon Partition Manager versions 7.9.1 and older, with the fifth one (CVE-2025-0298) impacting version 17 and older – which was also the one apparently being actively exploited in ransomware attacks.

Now, users are urged to upgrade the software to the latest version, since it also comes with BioNTdrv.sys version 2.0.0.

Besides upgrading the software, users should also double-check if the blocklist is enabled, by going to Settings – Privacy and Security – Windows Security – Device Security – Core Isolation – Microsoft Vulnerable Driver Blocklist and making sure it’s turned on.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/GJ8T4oA8G7TYJwTEhkwJAF-1200-80.jpg

Source link

What is the release date for Marshals: A Yellowstone Story episode 6 on CBS and Paramount+?

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

This new ‘laughing rat’ malware will steal your data and hack your systems — and then laugh at you while doing it

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Best Los Angeles Airbnbs Near Universal Studios Hollywood, California

‘The Pitt’ Star Katherine LaNasa on Dana and Robby’s Fight, His Sabbatical

Best Long-Lasting Press-on Nails for Airport Travel

The Secret Place At Disney Only Celebs Can Access

Coreweave CFO Agrawal sells $1184 in shares

Form 144 Whitehawk Therapeutics For: 2 April

Realty income EVP Bushore sells $461k in stock

Form 13D/A Polestar Automotive Holding UK PLC For: 2 April

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Microsoft discovers five potentially damaging attacks against its own software

Best Los Angeles Airbnbs Near Universal Studios Hollywood, California

Coreweave CFO Agrawal sells $1184 in shares

‘The Pitt’ Star Katherine LaNasa on Dana and Robby’s Fight, His Sabbatical

Form 144 Whitehawk Therapeutics For: 2 April