Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows.

The vulnerable drivers were exploited in 'Bring Your Own Vulnerable Driver' (BYOVD) attacks where threat actors drop the kernel driver on a targeted system to elevate privileges.

‍