Summary: Ransomware operators have begun exploiting vulnerabilities in BioNTdrv.sys, a driver that is part of Paragon Hard Disk Manager, to elevate their privileges. The driver contains five critical security flaws. Because attackers can bring the driver with them in a Bring Your Own Vulnerable Driver (BYOVD) technique, they can target systems even where the Paragon software is not installed. Users are urged to update to the latest driver version to mitigate these risks.
Affected: Paragon Hard Disk Manager and associated products
Key points:
- Five vulnerabilities in BioNTdrv.sys allow privilege elevation and DoS attacks.
- The driver can be exploited even without Paragon software installed, because it is signed by Microsoft.
- Patches are available for newer Windows versions, but not for older systems.
- Users must update or apply the patch to retain functionality after February 28, 2025.
Source: https://www.securityweek.com/vulnerable-paragon-driver-exploited-in-ransomware-attacks/
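
A defender-side check for the case described above, where the driver is present on a host that has no Paragon software, as an added example that is not part of the original article. It assumes the driver keeps its file name and is registered as a kernel driver service; the helper name `Resolve-DriverPath` is hypothetical.

```powershell
# Added example: find registered copies of the Paragon driver and check whether
# Paragon software is installed. Assumption: the file keeps its original name;
# a renamed copy, or one on disk with no driver service, is not found here.
$driverName = 'biontdrv.sys'

# Hypothetical helper: turn an NT-style service image path into a normal file path.
function Resolve-DriverPath([string]$Path) {
    $Path = $Path -replace '^\\\?\?\\', ''                      # strip a leading \??\
    $Path -replace '^\\?SystemRoot\\', "$env:SystemRoot\"       # expand \SystemRoot\
}

# Kernel driver services whose image path ends in the driver name (any state).
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*\$driverName") }

# Installed products whose uninstall entry names Paragon (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$paragon = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Paragon*' -or $_.Publisher -like '*Paragon*' }

foreach ($svc in $services) {
    $path   = Resolve-DriverPath $svc.PathName
    $exists = Test-Path -LiteralPath $path
    [pscustomobject]@{
        Service          = $svc.Name
        State            = $svc.State
        Path             = $path
        FileVersion      = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.FileVersion }
        SHA256           = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        Signer           = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).SignerCertificate.Subject }
        ParagonInstalled = [bool]$paragon
        Review           = if ($paragon) { 'Paragon installed: compare FileVersion with the vendor-fixed driver' }
                           else { 'Driver registered without Paragon software: investigate as possible BYOVD' }
    }
}

if (-not $services) { "No driver service references $driverName on this host." }
```

The fixed driver version is not stated in the summary above, so the script reports the file version for comparison against the vendor's advisory instead of hard-coding one.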