Microsoft Teams and Windows 11 compromised on the first day of Pwn2Own 2022

Kevin Okemwa

Pwn2Own

Pwn2Own Vancouver is a hacking event held annually where both contestants and cybersecurity experts get to show off their skillsets when it comes to making use of bugs and zero-day exploits to crack into software legally and in return get awards and recognition. This year marks the event’s 15th anniversary.

This year, during the first day of the event, contestants managed to rack up $800,000 after skillfully using 16 zero-day bugs to breach multiple softwares, among them Windows 11 and Microsoft Teams.

First up was Microsoft Teams after Hector Peralta used an improper configuration flaw to compromise it, which earned him $150,000 and 15 Master of Pwn points. Masato Kinugawa also gave it a run by executing a 3-bug chain of infection, misconfiguration, and sandbox escape which also saw him earn $150,000. And finally, Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan and Nguyễn Hoàng Thạch of STAR Labs also demonstrated a zero-click exploit chain of 2 bugs. (via Bleeping Computer)

A couple of experts and contestants also gave Microsoft’s Windows 11 OS a go and managed to get through to it despite the security measures put in place to prevent this. Case in point, Marcin Wiązowski used an OOB write escalation of privilege on Microsoft Windows 11, which saw him earn $40,000 and 4 Master of Pwn points, as well as recognition and “high praise” from Microsoft.

Oracle Virtualbox, Mozilla Firefox, Ubuntu Desktop, Apple Safari among others were also part of the products that sofware hackers managed to breach and get rewards and gain recognition. Such events are crucial as they help organizations such as Microsoft identify loopholes that hackers might use to compromise their security, allowing them to come up with elaborate measures and fixes.