Microsoft discovers five potentially damaging attacks against its own software
techradar.com
- Microsoft patches Paragon Partition Manager, after finding five flaws in a kernel-level driver
- One of the flaws was being actively used to drop ransomware
- The driver can be abused even without the partition manager installed
Hackers are using a vulnerable Windows driver to escalate privileges through Microsoft software, allowing possible ransomware attacks via zero-days.
Microsoft confirmed the findings when it added the affected version of the driver to its Vulnerable Driver Blocklist. At the same time, it patched five flaws in the software and urged users to apply updates as soon as possible.
The flaws were apparently found in BioNTdrv.sys, a kernel-level driver for a piece of software called Paragon Partition Manager. Cybercriminals who had already gained some access to a target endpoint would either use this driver (if the software was installed on the device) or drop it themselves to gain SYSTEM privileges in Windows, used ...