Microsoft Teams, Windows 11 hacked on first day of Pwn2Own

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
Content source
https://www.bleepingcomputer.com/news/security/microsoft-teams-windows-11-hacked-on-first-day-of-pwn2own/
During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform.

The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

The STAR Labs team (Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, and Nguyễn Hoàng Thạch) also demonstrated a zero-click exploit chain of 2 bugs (injection and arbitrary file write).

Microsoft Teams was hacked a third time by Masato Kinugawa, who exploited a 3-bug chain of injection, misconfiguration, and sandbox escape.

Each of them earned $150,000 for successfully demonstrating their Microsoft Teams zero-days.

STAR Labs also earned an extra $40,000 after elevating privileges on a system running Windows 11 using a Use-After-Free weakness and an additional $40,000 by achieving privilege escalation on Oracle Virtualbox.

Manfred Paul (@_manfp) also successfully demoed 2 bugs (prototype pollution and improper input validation) to hack Mozilla Firefox and an out-of-band write on Apple Safari to earn $150,000.

Other highlights from the first day of Pwn2Own include Marcin Wiązowski, Team Orca of Sea Security, and Keith Yeo demonstrating more zero-days in Windows 11 and Ubuntu Desktop,
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: Fel Grossi, SeriousHoax, [correlate] and 13 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
Windows 11 hacked again at Pwn2Own, Telsa Model 3 also falls
During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system.

The first demonstration of the day came from the @Synacktiv team, who successfully demoed two unique bugs (Double-Free & OOBW) and a sandbox escape collision while targeting the Tesla Model 3 infotainment system, earning $75,000 for their efforts.

@Jedar_LZ also failed to demo a zero-day exploit against Tesla's car. Although the bug wasn't exploited within the allotted time, Trend Micro's Zero Day Initiative (ZDI) acquired the exploit details and disclosed them to Tesla.

A third elevation of privileges zero-day caused by an improper access control bug in Windows 11 was demoed on the second day by T0, with namnp failing to demonstrate a second Windows 11 privilege escalation zero-day within the time allotted.

Two more local privilege escalation vulnerabilities were successfully demoed by the STAR Labs team and Marcin Wiązowski during the first round of the Pwn2Own contest.

Ubuntu Desktop was also hacked twice, with Bien Pham (@bienpnn) and Team TUTELARY from Northwestern University escalating privileges using two Use After Free bugs and earning $40,000 each.
Click to expand...
www.bleepingcomputer.com

Windows 11 hacked again at Pwn2Own, Telsa Model 3 also falls

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: SeriousHoax, [correlate], vtqhtr413 and 2 others
M4RT1NE2

M4RT1NE2

Level 14
Verified
Top Poster
Well-known
Mar 19, 2022
650
Trooper said:
I tell you. As time goes by, this, plus all of the other MS decisions over the past few years makes me want to drop Windows and just run Linux full time.
Click to expand...
You're right. But will another system be better ?
Linux may be better (I never had it I admit - but not perfect).
The world is so complicated that no matter what you have you will still complain. There are no perfect things. Every thing has its advantages and disadvantages. Windows annoys me too many times.
It is like with a woman. At the beginning you love her, live with her and then some disadvantages come out which you have to accept unless the disadvantages / problems are so big that divorce saves the situation.
I hope you understand my message ;):emoji_beer:
 
  • Like
Reactions: [correlate] and vtqhtr413
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
Windows 11 hacked three more times on last day of Pwn2Own contest
On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits.

The first attempt of the day targeting Microsoft Teams failed after Team DoubleDragon could not demo their exploit within the allotted time.

All other contestants hacked their targets, earning $160,000 after taking down Windows 11 three times and Ubuntu Desktop once.

The first to demonstrate a Windows 11 escalation of privilege zero-day (via Integer Overflow) on the third day of Pwn2Own was nghiadt12 from Viettel Cyber Security.

Bruno Pujos from REverse Tactics and vinhthp1712 also escalated privileges on Windows 11 using Use-After-Free and Improper Access Control vulnerabilities, respectively.

Last but not least, STAR Labs' Billy Jheng Bing-Jhong hacked a system running Ubuntu Desktop using a Use-After-Free exploit.
Click to expand...
www.bleepingcomputer.com

Windows 11 hacked three more times on last day of Pwn2Own contest

On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: vtqhtr413, SeriousHoax, harlan4096 and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
  • Like
Reactions: vtqhtr413, SeriousHoax, harlan4096 and 2 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Explode Blow Up GIF by reactionseditor
 
  • Like
  • HaHa
Reactions: vtqhtr413, Trooper, Gandalf_The_Grey and 1 other person
L

Local Host

Trooper said:
I tell you. As time goes by, this, plus all of the other MS decisions over the past few years makes me want to drop Windows and just run Linux full time.
Click to expand...
That comment makes no sense on this topic, finding and patching exploits makes it more secure, you have no idea how many unpatched holes Linux has due to the huge fragmentation.
 
  • Like
Reactions: vtqhtr413 and Trooper
Trooper

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
Local Host said:
That comment makes no sense on this topic, finding and patching exploits makes it more secure, you have no idea how many unpatched holes Linux has due to the huge fragmentation.
Click to expand...

Neither does yours. If you had my job, you would understand.
 
  • Like
Reactions: vtqhtr413
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • Applause
    • +Reputation
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Replies
0
Views
669
News Archive
CyberTech
CyberTech
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Security News Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
Replies
1
Views
1,013
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
Replies
1
Views
816
News Archive
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top