Summary: A significant security vulnerability in Paragon Partition Manager’s BioNTdrv.sys driver has been exploited in ransomware attacks, allowing threat actors to escalate privileges and execute code. The flaw, identified as CVE-2025-0289, is one of five vulnerabilities disclosed by Microsoft, which could also lead to denial-of-service conditions. Paragon Software has released an update addressing these vulnerabilities, and the affected driver versions have been added to Microsoft’s blocklist.
Affected: Paragon Partition Manager
Keypoints:
- Threat actors exploit vulnerabilities in BioNTdrv.sys for privilege escalation and arbitrary code execution.
- Microsoft identified five related vulnerabilities, including CVE-2025-0285 to CVE-2025-0289, impacting versions 1.3.0 and 1.5.1.
- Paragon Software has released version 2.0.0 to address these issues, and Microsoft has added the vulnerable driver to its blocklist.
Source: https://thehackernews.com/2025/03/hackers-exploit-paragon-partition.html