Hackers exploit Paragon Partition Manager driver vulnerability in ransomware attacks

March 3, 2025 | Ravi Lakshmanan | Ransomware / Vulnerability

Partition Manager Driver Vulnerability

Threat actors are exploiting security vulnerabilities in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code.

The zero-day flaw (CVE-2025-0289) is one of a set of five vulnerabilities discovered by Microsoft, according to the CERT Coordination Center (CERT/CC).

“These include arbitrary kernel memory mapping and write vulnerabilities, repeated null pointers, unstable kernel resource access, and arbitrary memory movement vulnerabilities,” CERT/CC said.


In a hypothetical attack scenario, adversaries with local access to a Windows machine can exploit these flaws either to escalate privileges or to create a denial-of-service (DoS) condition, taking advantage of the fact that BioNTdrv.sys is signed by Microsoft.

This also opens the door to a so-called Bring Your Own Vulnerable Driver (BYOVD) attack on systems that do not have the driver installed, allowing threat actors to gain elevated privileges and execute malicious code.

The list of vulnerabilities affecting biontdrv.sys versions 1.3.0 and 1.5.1 is as follows:

  • CVE-2025-0285 – An arbitrary kernel memory mapping vulnerability in version 7.9.1 caused by a failure to validate the length of user-supplied data. An attacker can exploit this flaw to escalate privileges.
  • CVE-2025-0286 – An arbitrary kernel memory write vulnerability in version 7.9.1 caused by improper validation of the length of user-supplied data. This flaw allows an attacker to execute arbitrary code on the victim's machine.
  • CVE-2025-0287 – A null pointer dereference vulnerability in version 7.9.1 caused by the absence of a valid MasterLRP structure in the input buffer. This allows an attacker to execute arbitrary kernel code, enabling privilege escalation.
  • CVE-2025-0288 – An arbitrary kernel memory vulnerability in version 7.9.1 caused by the MemMove function failing to sanitize user-controlled input. This allows an attacker to write arbitrary kernel memory and achieve privilege escalation.
  • CVE-2025-0289 – An insecure kernel resource access vulnerability in version 17 caused by failing to validate the mapped SystemVa pointer before passing it to HalReturnToFirmware. This allows an attacker to compromise the affected service.


The vulnerabilities have since been addressed by Paragon Software in driver version 2.0.0, and the vulnerable versions of the driver have been added to Microsoft's driver block list.
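A defensive inventory check for the driver and fix version described above, as an added example that is not from the article, Paragon, Microsoft or CERT/CC. It assumes the driver file's PE version string follows the advisory's numbering (1.3.0 / 1.5.1 affected, 2.0.0 fixed) and that it is run from an elevated PowerShell session:

```powershell
# Added example, not from the article or from Paragon/Microsoft: inventory
# BioNTdrv.sys on a Windows host and flag copies below the fixed release 2.0.0.
# Assumption: the driver's PE FileVersion follows the advisory's numbering
# (1.3.0 / 1.5.1 affected, 2.0.0 fixed). Run from an elevated PowerShell.

$FixedVersion = [version]'2.0.0'

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName may be quoted, NT-style (\??\C:\...) or
    # \SystemRoot-relative; normalise it to a plain filesystem path.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    [Environment]::ExpandEnvironmentVariables($p)
}

function Get-DriverFileVersion([string]$Path) {
    # FileVersion strings may carry trailing text; keep the leading digits and dots.
    $raw = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    if ($raw -match '^\s*(\d+(\.\d+){1,3})') { [version]$Matches[1] } else { $null }
}

# Driver service entries (loaded or not) that point at biontdrv, plus copies in
# the drivers folder with no service entry: BYOVD tooling drops the file and may
# delete the service afterwards, so the file alone is still evidence.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match 'biontdrv' })
$onDisk = @(Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" `
    -Filter 'biontdrv*.sys' -ErrorAction SilentlyContinue | ForEach-Object FullName)
$paths = @(foreach ($s in $services) { Resolve-DriverPath $s.PathName }) + $onDisk |
    Where-Object { $_ } | Sort-Object -Unique

$report = foreach ($path in $paths) {
    $svc = $services | Where-Object { (Resolve-DriverPath $_.PathName) -eq $path } | Select-Object -First 1
    $v = if (Test-Path -LiteralPath $path) { Get-DriverFileVersion $path } else { $null }
    $status = if (-not (Test-Path -LiteralPath $path)) { 'MISSING (service entry, no file)' }
              elseif ($null -eq $v)                   { 'UNKNOWN (no parsable FileVersion)' }
              elseif ($v -lt $FixedVersion)           { "VULNERABLE (below $FixedVersion)" }
              else                                    { 'OK' }
    [pscustomobject]@{ Path = $path; FileVersion = $v; ServiceState = $svc.State; Status = $status }
}
$report | Format-Table -AutoSize

# The Microsoft vulnerable driver block list is applied through code integrity;
# show whether HVCI (value 2 in SecurityServicesRunning) is actually running,
# since a blocked entry only helps where enforcement is on.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
    -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
"HVCI running: $([bool]($dg.SecurityServicesRunning -contains 2))"
```

A VULNERABLE or MISSING row on a host where Paragon software was never installed is the BYOVD pattern the article describes and warrants a look at how the file arrived.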

The development comes days after Check Point disclosed details of a large-scale malware campaign that bypasses security defenses and deploys the Gh0st RAT malware by leveraging another vulnerable Windows driver (“TrueSight.sys”) associated with Adlice's suite of products.
