Ransomware operators have found a way to exploit a Microsoft Windows-signed driver from Paragon Partition Manager, posing a threat to system security.
What Happened: The Paragon Partition Manager uses a Microsoft Corp. (NASDAQ:MSFT) approved, digitally signed driver, BioNTdrv.sys, for storage partition management. However, vulnerabilities in this driver can be exploited by malware to gain SYSTEM-level access on affected systems.
This allows attackers to deploy the driver alongside ransomware, leveraging the trust the operating system places in the signed driver.
The CERT Coordination Center (CERT/CC) highlighted that the attack uses a Bring Your Own Vulnerable Driver (BYOVD) technique, which can be exploited …