During Pwn2Own, an annual computer hacking event, contestants and cybersecurity experts demonstrate their skills in utilizing bugs, zero-day exploits, and other issues to legally crack into various software and receive rewards and recognition. This year, during Pwn2Own Vancouver 2022, contestants managed to break into Microsoft Teams and Windows 11 on day one.
Hector "p3rro" Peralta was the first to get into Microsoft Teams. He demonstrated an improper configuration against Microsoft's corporate messenger and earned $150,000 for his findings. Later, Teams fell victim again when Masato Kinugawa executed a 3-bug chain of infection, misconfiguration, and sandbox escape. The beatings continued with Daniel Lim Wee Soong, Poh Jia Hao, Li Jiantao, and Ngo Wei Lin demonstrating zero-click exploits of two bugs.
Windows 11 was not immune to hackers either. Despite Microsoft's strong emphasis on security in its latest OS, Marcin Wiązowski executed an out-of-bounds write escalation of privilege in Windows 11. For that, Marcin netted $40,000 and high praise from Microsoft.
Microsoft's products were not the only software hackers broke during the first day of Pwn2Own Vancouver 2022. Contestants managed to earn points and money by cracking Oracle VirtualBox, Mozilla Firefox, Ubuntu Desktop, and Apple Safari. Events like this help Microsoft and other companies improve the security of their products and incentivize skilled hackers to stay on the right side of cyber laws.
In total, hackers earned $800,000 on day one by exploiting 16 zero-day bugs in multiple products. On days two and three, contestants can make more than $1,000,000 in rewards by breaking into other software, gadgets, and cars (Tesla Model 3 and Model S).
Source: Zero Day Initiative via Bleeping Computer