Paragon Software Hard Disk Manager Products BioNTdrv.sys Driver Arbitrary Kernel Memory Write Vulnerability
Vulnerability
A vulnerability allowing arbitrary writes to kernel memory has been identified in various Paragon Software products within the BioNTdrv.sys driver. This issue arises from inadequate validation of user-supplied data lengths, enabling attackers to execute arbitrary code on the affected machine. The vulnerability is present in BioNTdrv.sys versions 10.1.X.Y and older, as well as specific 1.X.0.0 versions, excluding 2.0.0.0.
Impact
Exploitation of this vulnerability allows for arbitrary code execution in the kernel, which can lead to privilege escalation, particularly to SYSTEM level.
Remediation
Paragon Software has released a security update for the Hard Disk Manager product line. Users can download this update from the Paragon Software website or through the Paragon Licensing Center. For instructions on applying the update, refer to the Paragon Software Knowledge Base.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.