Microsoft Adds Paragon Partition Manager Driver To Blocklist As Ransomware Hackers Exploit Windows-Signed Driver For Attacks


Ransomware operators are abusing a Microsoft-signed kernel driver shipped with Paragon Partition Manager to gain kernel-level access on Windows systems, turning a legitimately signed component into an attack tool.

What Happened: Paragon Partition Manager ships a kernel driver, BioNTdrv.sys, that carries a valid Microsoft signature and performs the product's low-level storage and partition operations. Flaws in that driver let a local attacker reach kernel memory and escalate privileges to SYSTEM on any Windows machine on which the driver is loaded.

Because Windows trusts the signature, attackers can drop the driver alongside their ransomware, have the operating system load it, and then use the driver's flaws to run code at kernel level rather than having to find a kernel vulnerability in Windows itself.


The CERT Coordination Center (CERT/CC) notes that this is a Bring Your Own Vulnerable Driver (BYOVD) technique: the attacker supplies the signed driver themselves, so the attack works even on systems where Paragon Partition Manager was never installed.

Of the five security flaws disclosed, one, CVE-2025-0289, has been actively exploited in ransomware attacks. Microsoft identified the vulnerabilities and reported them to Paragon Software, which released a fixed driver, BioNTdrv.sys version 2.0.0. Users of Paragon products should update so that the patched driver replaces the vulnerable one on disk.


To cut off the BYOVD route, Microsoft has added the vulnerable driver versions to its Vulnerable Driver Blocklist, which is enabled by default on Windows 11 devices. The blocklist only helps where it is actually enforced: on older Windows releases it must be turned on (it is enforced automatically when memory integrity, also known as HVCI, is enabled), and the list itself is distributed through Windows updates, so machines that are not current may still load the driver.
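A practical check for the two points above (is the blocklist actually enforced on this host, and is a pre-2.0.0 copy of BioNTdrv.sys present or loaded), written as an added example for this article rather than code from Benzinga, Paragon or Microsoft. It assumes the driver file name and fixed version 2.0.0 from the article, and uses Microsoft's documented registry value for the blocklist switch and the Win32_DeviceGuard CIM class for HVCI state; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit a Windows host for the BioNTdrv.sys BYOVD exposure.
# Assumptions: BioNTdrv.sys and fixed version 2.0.0 come from the article;
# VulnerableDriverBlocklistEnable and Win32_DeviceGuard are Microsoft's
# documented locations for the blocklist toggle and HVCI status.

function Get-VulnerableDriverBlocklistState {
    # This value backs "Windows Security > Core isolation > Microsoft Vulnerable Driver Blocklist".
    $ciConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $blocklist = (Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    # SecurityServicesRunning containing 2 means HVCI (memory integrity) is active,
    # which also enforces the blocklist on releases where it is not on by default.
    $dg   = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvci = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)

    [pscustomobject]@{
        BlocklistRegistryValue = $blocklist   # 1 = enabled, 0 = disabled, $null = value absent (OS default applies)
        HvciRunning            = $hvci
    }
}

function Find-BioNTdrv {
    param(
        # BYOVD does not need Paragon installed, so look beyond the product's own folder.
        [string[]]$SearchRoots = @("$env:SystemRoot\System32\drivers", "$env:ProgramFiles", "${env:ProgramFiles(x86)}"),
        [version]$FixedVersion = [version]'2.0.0'   # patched driver version named in the article
    )

    $findings = @()

    # 1. Copies on disk: record version and signer. A *valid* Microsoft signature is
    #    expected here; that is the whole point of BYOVD, so it is not a clean bill of health.
    foreach ($root in ($SearchRoots | Where-Object { $_ -and (Test-Path $_) })) {
        Get-ChildItem -Path $root -Filter 'BioNTdrv.sys' -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
            $ver = $null
            try { $ver = [version]($_.VersionInfo.FileVersion.Split(' ')[0]) } catch { }
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $findings += [pscustomobject]@{
                Kind        = 'OnDisk'
                Path        = $_.FullName
                FileVersion = $ver
                Vulnerable  = ($null -eq $ver) -or ($ver -lt $FixedVersion)   # unknown version is treated as vulnerable
                Signer      = $sig.SignerCertificate.Subject
                SignatureOK = ($sig.Status -eq 'Valid')
                State       = $null
            }
        }
    }

    # 2. Kernel services registered for the driver. State 'Running' means it is loaded
    #    right now, which the blocklist should have prevented if it is enforced.
    Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -match 'BioNTdrv' } | ForEach-Object {
            $findings += [pscustomobject]@{
                Kind        = 'Service'
                Path        = $_.PathName
                FileVersion = $null
                Vulnerable  = $null      # resolve via the OnDisk entry for the same path
                Signer      = $_.Name    # service name
                SignatureOK = $null
                State       = $_.State
            }
        }

    return $findings
}

Get-VulnerableDriverBlocklistState | Format-List
$hits = Find-BioNTdrv
if ($hits) { $hits | Format-Table -AutoSize } else { 'BioNTdrv.sys not found on disk or as a registered service.' }
```

Read the output together: a pre-2.0.0 copy on disk is only a risk indicator, but a pre-2.0.0 copy whose service is Running on a host where BlocklistRegistryValue is not 1 and HvciRunning is false is exactly the condition the ransomware relies on. Presence of the driver outside Paragon's install directory, on a machine that never had Paragon installed, is worth an incident-response look rather than just a patch.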

Why It Matters: This incident is part of a broader pattern of security challenges for Microsoft.

In April 2024, Microsoft drew scrutiny after internal files and credentials were found exposed on the internet: researchers at SOCRadar discovered an open Azure storage server holding internal data related to the Bing search engine. The exposure raised questions about Microsoft's own security hygiene and about how far customers can trust it with theirs.

Separately, a report from the U.S. Cyber Safety Review Board called for an overhaul of Microsoft's security culture, citing a series of high-profile breaches in recent years and the need to fix vulnerabilities promptly.

In June 2024, another serious vulnerability came to light, rated 8.8 out of 10 on the CVSS scale, that could let an attacker within Wi-Fi range compromise a PC and affected all supported versions of Windows.


Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
