
"The exploitation of Paragon Partition Manager's trusted kernel-level driver allows attackers to hijack systems through the BYOVD technique, even without Paragon installed."
"According to CERT/CC, one of the five now-fixed security flaws in Paragon Partition Manager's driver has been abused in the wild by ransomware miscreants."
Ransomware criminals are exploiting a security flaw in the Paragon Partition Manager's trusted Windows kernel-level driver, BioNTdrv.sys. This driver, designed for managing storage partitions, is Microsoft-approved and signed, which allows attackers to misuse it for SYSTEM-level access. Even if the Paragon application is not installed, attackers can employ the BYOVD technique to compromise systems by deploying copies of the driver. CERT/CC has identified five vulnerabilities in the driver that have already been exploited in the wild, putting users at risk of significant damage.
Read at The Register