Threat actors are leveraging a critical zero-day vulnerability, CVE-2025-0289, in Paragon Partition Manager's BioNTdrv.sys driver to facilitate ransomware attacks through privilege escalation and arbitrary code execution. Discovered by Microsoft, this vulnerability is part of a wider set that includes multiple flaws like kernel memory mapping issues. Adversaries, with local access to affected systems, can exploit these vulnerabilities, potentially leading to denial-of-service scenarios. Moreover, these vulnerabilities lay the groundwork for Bring Your Own Vulnerable Driver (BYOVD) attacks, allowing further unauthorized access and malicious activity in unprotected environments.
Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code.
In a hypothetical attack scenario, an adversary with local access to a Windows machine can exploit these shortcomings to escalate privileges or cause a denial-of-service (DoS) condition.
This could also pave the way for what's called a Bring Your Own Vulnerable Driver (BYOVD) attack on systems where the driver is not installed, thereby allowing the threat actors to obtain elevated privileges.
The list of vulnerabilities, which impact BioNTdrv.sys versions 1.3.0 and 1.5.1, includes various arbitrary memory mapping and write vulnerabilities that threaten system security.
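Because BYOVD abuse means the driver can turn up on hosts that never had Paragon software installed, the defensive first step is an inventory check. The PowerShell below is an added example, not code from the article or from Paragon or Microsoft: it looks for `BioNTdrv.sys` both on disk and among registered driver services, reports its file version against the affected versions the report names (1.3.0 and 1.5.1), and checks whether the Microsoft Vulnerable Driver Blocklist toggle is on. The `System32\drivers` location and the `VulnerableDriverBlocklistEnable` registry value are assumptions; versions other than the two listed are reported for manual review rather than judged safe.

```powershell
# Added example (not from the original article). Inventories a Windows host for the
# Paragon BioNTdrv.sys driver and flags the affected versions the report lists.
$AffectedVersions = @('1.3.0', '1.5.1')                           # from the report
$DriverName       = 'BioNTdrv.sys'                                # from the report
$DriverDir        = Join-Path $env:SystemRoot 'System32\drivers'  # assumed install location

function Get-BioNTdrvFindings {
    # Driver file in the usual driver directory.
    $onDisk = Get-ChildItem -Path $DriverDir -Filter $DriverName -ErrorAction SilentlyContinue

    # Driver services whose image is BioNTdrv.sys, wherever the file actually sits
    # (a BYOVD drop is not tied to the Paragon install directory).
    $services = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName -match [regex]::Escape($DriverName) }

    # Normalise service image paths (strip the \??\ prefix some entries carry).
    $svcPaths = $services | ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' }
    $paths    = @($onDisk.FullName) + @($svcPaths) |
        Where-Object { $_ } | Sort-Object -Unique

    foreach ($p in $paths) {
        $ver = $null
        try { $ver = (Get-Item -LiteralPath $p -ErrorAction Stop).VersionInfo.FileVersion } catch {}

        $isAffected = [bool]($ver -and ($AffectedVersions | Where-Object { $ver -like "$_*" }))
        $isLoaded   = [bool]($services | Where-Object {
            (($_.PathName -replace '^\\\?\?\\', '') -eq $p) -and ($_.State -eq 'Running')
        })

        [pscustomobject]@{
            Path     = $p
            Version  = $ver
            Affected = $isAffected   # matches a version the report names as vulnerable
            Loaded   = $isLoaded     # driver service currently running
        }
    }
}

function Test-VulnerableDriverBlocklist {
    # Assumed registry location of the Microsoft Vulnerable Driver Blocklist toggle.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable `
            -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    return ($val -eq 1)
}

$findings = @(Get-BioNTdrvFindings)
if ($findings.Count -eq 0) {
    Write-Output "$DriverName not found on disk or as a driver service."
} else {
    $findings | Format-Table -AutoSize
    if ($findings | Where-Object { $_.Affected }) {
        Write-Warning "Affected $DriverName version present; review for BYOVD activity."
    }
}
Write-Output ("Vulnerable Driver Blocklist enabled: {0}" -f (Test-VulnerableDriverBlocklist))
```

Run it from an elevated prompt so the service and file metadata are readable. A `Loaded = True` row on a host with no Paragon software installed is the BYOVD signal worth escalating; an unlisted version should be compared against the vendor's fixed release rather than treated as clean.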