Microsoft Bolsters Windows Security: Adds Paragon Driver to Blocklist Amid Ransomware Threats
Generated by AI agent Harrison Brooks
Tuesday, March 4, 2025, 7:51 am ET · 1 min read
Microsoft has taken a proactive step to enhance the security of its Windows operating system by adding the vulnerable Paragon Partition Manager driver to its Vulnerable Driver Blocklist. This move comes in response to the exploitation of a Microsoft-signed driver by ransomware miscreants, highlighting the importance of coordinated vulnerability disclosure and the company's commitment to changing the vulnerability economy.
The Paragon Partition Manager driver, BioNTdrv.sys, was found to contain five security flaws that could be exploited by attackers to gain SYSTEM-level control over affected systems. These vulnerabilities, including arbitrary kernel memory mapping and write vulnerabilities, a null pointer dereference, insecure kernel resource access, and an arbitrary memory move vulnerability, allowed attackers to escalate privileges or cause a denial-of-service (DoS) scenario on the victim's machine.
Microsoft identified these vulnerabilities and promptly reported them to Paragon Software, leading to the release of a patched driver version 2.0.0. The company also added vulnerable BioNTdrv.sys versions to its Vulnerable Driver Blocklist, ensuring that the operating system no longer trusts the buggy driver if it shows up in a Bring Your Own Vulnerable Driver (BYOVD) based infection. This blocklist is enabled by default on Windows 11 devices and can be verified under Windows Security settings.
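The check described above can also be scripted for fleet audits. The following PowerShell sketch is an added example, not code from Microsoft or Paragon: it reads the registry value behind the Windows Security blocklist toggle and reports any BioNTdrv.sys it finds with a file version below the patched 2.0.0. The registry value name is not given in the article, and the script assumes the file's version resource reflects the release number.

```powershell
# Added example, not from the article: audit one host for BioNTdrv.sys exposure.
$PatchedVersion = [version]'2.0.0.0'   # "patched driver version 2.0.0" per the article

function Get-DriverBlocklistState {
    # Registry value that backs the Windows Security blocklist toggle.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $prop = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }   # OS default applies
    if ($prop.VulnerableDriverBlocklistEnable -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Resolve-DriverPath([string]$PathName) {
    # Service image paths may carry NT-style prefixes; normalise to a Win32 path.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\?SystemRoot\\', ''
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Find-BioNTdrv {
    # Scope: registered kernel-driver services plus the default driver directory.
    # A BYOVD dropper can place the file anywhere, so treat this as a minimum.
    $paths = @(Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -like '*BioNTdrv.sys*' } |
        ForEach-Object { Resolve-DriverPath $_.PathName })
    $paths += Join-Path $env:SystemRoot 'System32\drivers\BioNTdrv.sys'

    $paths | Sort-Object -Unique | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
        $vi  = (Get-Item -LiteralPath $_).VersionInfo
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart)
        [pscustomobject]@{
            Path         = $_
            FileVersion  = $ver
            BelowPatched = $ver -lt $PatchedVersion   # candidate for removal or update
            Signer       = (Get-AuthenticodeSignature -LiteralPath $_).SignerCertificate.Subject
            SHA256       = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
        }
    }
}

"Vulnerable Driver Blocklist: $(Get-DriverBlocklistState)"
Find-BioNTdrv | Format-List
```

A host that reports `Disabled` together with `BelowPatched = True` is the combination to prioritise, since neither the blocklist nor the vendor update stands between the driver and a load attempt.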

The addition of the vulnerable Paragon Partition Manager driver versions to Microsoft's Vulnerable Driver Blocklist significantly enhances the overall security posture of Windows users, particularly those who have not installed the latest updates. This proactive measure helps to mitigate the risk of ransomware attacks and other malicious activities that could exploit these vulnerabilities.
Microsoft's commitment to Coordinated Vulnerability Disclosure (CVD) and its efforts to change the vulnerability economy are evident in this incident. By promptly identifying and addressing the vulnerabilities, collaborating with security researchers and industry partners, and protecting customers, Microsoft helps to create a more secure environment for all.
In conclusion, Microsoft's addition of the Paragon Partition Manager driver to its Vulnerable Driver Blocklist demonstrates the company's dedication to enhancing Windows security and protecting its users. By staying vigilant and addressing vulnerabilities promptly, Microsoft continues to make strides in changing the vulnerability economy and maintaining user trust in its products and services.