Microsoft signed a dodgy driver - It is now being exploited ...

Silvio

Well-known member

Member

Local time

3:10 PM

Posts

104

OS

Linux Ubuntu 24.04.1

• Today at 7:18 AM

• #1

Ransomware scum abusing Microsoft Windows-signed driver

Five flaws found in Paragon Partition Manager's kernel-level .sys

www.theregister.com

 

My Computers

System One System Two

• OS

  Linux Ubuntu 24.04.1

  Computer type

  PC/Desktop

  Manufacturer/Model

  Dell Optiplex 5810

  CPU

  Xeon 2680 v4

  Motherboard

  Xeon V4 Motherboard

  Memory

  64GB ECC DDR4

  Graphics Card(s)

  nVidia GTX 1650

  PSU

  850W

• Operating System

  Windows 11 23H2

  Computer type

  PC/Desktop

  Manufacturer/Model

  HP Z640

  CPU

  Xeon 2667 V4

  Motherboard

  HP Z640 V3/V4

  Memory

  32GB ECC

  Graphics card(s)

  nVidia Quadro M4000

  Monitor(s) Displays

  LG Gsync 27" 144hz

  Screen Resolution

  1920x1080 144hz

antspants

Like a rolling drone.

Guru

VIP

Local time

1:10 AM

Posts

12,037

Location

Gold Coast, Australia

OS

Windows 11 Pro 23H2 Build 22631.4974

• Today at 7:30 AM

• #2

That’s interesting. Microsoft has already been in contact with Paragon and it has been fixed. Hopefully users will be informed of an update.

 

My Computers

System One System Two

• OS

  Windows 11 Pro 23H2 Build 22631.4974

  Computer type

  PC/Desktop

  Manufacturer/Model

  Sin-built

  CPU

  Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)

  Motherboard

  ASUS ROG Maximus VI Formula

  Memory

  32.0 GB of I forget and the box is in storage.

  Graphics Card(s)

  Gigabyte nVidia GeForce GTX 1660 Super OC 6GB

  Sound Card

  Onboard

  Monitor(s) Displays

  4 x LG 23MP75 - 2 x 24MK430H-B - 1 x Wacom Pro 22" Tablet

  Screen Resolution

  All over the place

  Hard Drives

  Too many to list.
  OS on Samsung 1TB 870 QVO SATA

  PSU

  Silverstone 1500

  Case

  NZXT Phantom 820 Full-Tower Case

  Cooling

  Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.

  Keyboard

  Corsair K95 / Logitech diNovo Edge Wireless

  Mouse

  Logitech G402 / G502 / Mx Masters / MX Air Cordless

  Internet Speed

  100/40Mbps

  Browser

  All sorts

  Antivirus

  Kaspersky Premium

  Other Info

  I’m on a horse.

• Operating System

  Windows 11 Pro 23H2 Build: 22631.4249

  Computer type

  Laptop

  Manufacturer/Model

  LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB

  CPU

  Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)

  Memory

  16GB LPDDR5 RAM

  Graphics card(s)

  Intel Iris Xe Graphics Processor

  Sound Card

  Optimized with Dolby Atmos®

  Screen Resolution

  QHD 2880 x 1800 OLED

  Hard Drives

  M.2 512GB

  Antivirus

  Defender / Malwarebytes

  Other Info

  …still on a horse.

B

BruceR

Well-known member

Power User

VIP

Local time

3:10 PM

Posts

398

OS

Windows 11

• Today at 9:03 AM

• #3

Vulnerable versions of the driver have been added to Microsoft's Vulnerable Driver Blocklist so that the OS no longer trusts the buggy driver if it shows up in a BYOVD-based infection. Windows 11 devices enable this blocklist by default.

[Penultimate paragraph of original The Register article]

Click to expand...

 

My Computer

System One

• OS

  Windows 11

  Computer type

  Laptop

pseymour

Windows developer and admіn

Pro User

VIP

Local time

10:10 AM

Posts

1,064

Location

Ohio, USA

OS

Windows 11 Pro 24H2

• 27 minutes ago

• #4

Kernel-mode BYOVD is only a problem if you run with admin rights.

 

My Computers

System One System Two

• OS

  Windows 11 Pro 24H2

  Computer type

  PC/Desktop

  Manufacturer/Model

  Intel NUC12WSHi7

  CPU

  12th Gen Intel Core i7-1260P, 2100 MHz

  Motherboard

  NUC12WSBi7

  Memory

  64 GB

  Graphics Card(s)

  Intel Iris Xe

  Sound Card

  built-in Realtek HD audio

  Monitor(s) Displays

  Dell U3219Q

  Screen Resolution

  3840x2160 @ 60Hz

  Hard Drives

  Samsung SSD 990 PRO 1TB

  Keyboard

  CODE 104-Key Mechanical with Cherry MX Clears

  Antivirus

  Microsoft Defender

• Operating System

  Linux Mint 21.2 (Cinnamon)

  Computer type

  PC/Desktop

  Manufacturer/Model

  Intel NUC8i5BEH

  CPU

  Intel Core i5-8259U CPU @ 2.30GHz

  Memory

  32 GB

  Graphics card(s)

  Iris Plus 655

  Keyboard

  CODE 104-Key Mechanical with Cherry MX Clears