
[VIP] Hackers are using Paragon Partition Manager’s vulnerable driver (BioNTdrv.sys)

#1
Ransomware gangs are actively exploiting a vulnerability (CVE-2025-0289) in the Paragon Partition Manager’s BioNTdrv.sys driver to escalate privileges in Windows systems. The attack follows the Bring Your Own Vulnerable Driver (BYOVD) technique, where threat actors install outdated drivers to bypass security measures.

Microsoft has discovered five security flaws in the driver, with one being exploited in zero-day attacks. While patches have been released, attackers can still use the vulnerable driver even if Paragon software isn’t installed. Microsoft has updated its Vulnerable Driver Blocklist, and users are urged to enable it to block exploitation attempts.
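A defender-side check for the mitigation described in the post, as an added example that is not part of the original thread: it reports whether the Microsoft Vulnerable Driver Blocklist is switched on and lists any copies of BioNTdrv.sys registered as a kernel driver or sitting on disk. The function names and the default search root are assumptions made for this example; the thread gives no fixed driver version, so the reported file version has to be compared against the vendor's advisory.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

function Get-DriverBlocklistState {
    # Registry value behind the "Microsoft Vulnerable Driver Blocklist" toggle
    # in Windows Security > Device security > Core isolation.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $prop = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    if ($null -eq $prop)                                { return 'NotConfigured' }  # value absent: confirm in the Windows Security UI
    if ($prop.VulnerableDriverBlocklistEnable -eq 1)    { return 'Enabled' }
    return 'Disabled'
}

function Find-BioNTdrv {
    param(
        # Assumption: the usual driver directory. Pass extra roots (temp dirs, user profiles)
        # because a BYOVD drop does not require Paragon software to be installed.
        [string[]]$SearchRoot = @("$env:SystemRoot\System32\drivers")
    )

    # Kernel driver services whose image path ends in BioNTdrv.sys, whatever the service is called.
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like '*BioNTdrv.sys' })

    # Copies of the file on disk, whether or not a service points at them.
    $files = Get-ChildItem -Path $SearchRoot -Filter 'BioNTdrv.sys' -Recurse -File -Force -ErrorAction SilentlyContinue

    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        $svc = $services | Where-Object { $_.PathName -like "*$($f.FullName)" } | Select-Object -First 1
        [pscustomobject]@{
            Path            = $f.FullName
            FileVersion     = $f.VersionInfo.FileVersion   # compare with the vendor advisory
            SHA256          = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Signer          = $sig.SignerCertificate.Subject
            SignatureStatus = $sig.Status
            ServiceName     = $svc.Name                    # empty if no driver service references this copy
            ServiceState    = $svc.State                   # 'Running' means the driver is loaded now
        }
    }
}

$state = Get-DriverBlocklistState
$hits  = @(Find-BioNTdrv)
"Vulnerable Driver Blocklist: $state"
if ($hits.Count -eq 0) { 'No BioNTdrv.sys found under the searched roots.' }
else                   { $hits | Format-List }
if ($state -ne 'Enabled' -and $hits.Count -gt 0) {
    Write-Warning 'BioNTdrv.sys is present and the blocklist is not confirmed on; review each copy and enable the blocklist.'
}
```

A copy found outside a Paragon installation directory, or one with no matching Paragon software on the host, is the case worth escalating first.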