Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Windows 11 hacked three more times on last day of Pwn2Own contest

    Karlston

    By Karlston,
    Published Date:

    • 339 views
    • 2 minutes
     Share
    • 339 views
    • 2 minutes

    On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits.

     

    The first attempt of the day targeting Microsoft Teams failed after Team DoubleDragon could not demo their exploit within the allotted time.

     

    All other contestants hacked their targets, earning $160,000 after taking down Windows 11 three times and Ubuntu Desktop once.

     

    The first to demonstrate a Windows 11 escalation of privilege zero-day (via Integer Overflow) on the third day of Pwn2Own was nghiadt12 from Viettel Cyber Security.

     

    Bruno Pujos from REverse Tactics and vinhthp1712 also escalated privileges on Windows 11 using Use-After-Free and Improper Access Control vulnerabilities, respectively.

     

    Last but not least, STAR Labs' Billy Jheng Bing-Jhong hacked a system running Ubuntu Desktop using a Use-After-Free exploit.

     

    Windows_11_%20EOP%20via%20Integer_Overfl

    Windows 11 EOP via Integer Overflow demoed by nghiadt12 (ZDI)

     

    Pwn2Own 2022 Vancouver ended with 17 competitors earning a total of $1,155,000 for zero-day exploits and exploits chains demoed over three days after 21 attempts, between May 18 and May 20.

     

    On the first day of Pwn2Own, hackers won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform, Ubuntu Desktop, Apple Safari, Oracle Virtualbox, and Mozilla Firefox.

     

    On second day, contestants earned $195,000 after demoing flaws in the Telsa Model 3 Infotainment System, Ubuntu Desktop, and Microsoft Windows 11.

     

    Security researchers demonstrated six Windows 11 exploits during the contest, hacked Ubuntu Desktop four times, and demoed three Microsoft Teams zero-days. They also reported several flaws in Apple Safari, Oracle Virtualbox, and Mozilla Firefox.

     

    After vulnerabilities are exploited and reported during Pwn2Own, vendors have 90 days to release security fixes until Trend Micro's Zero Day Initiative publicly discloses them.

     

    In April, hackers also earned $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed during the 2022 Pwn2Own Miami contest between April 19 and April 21.

     

     

    Windows 11 hacked three more times on last day of Pwn2Own contest

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...