Microsoft Teams, Windows 11 hacked on first day of Pwn2Own

Topic

New Reply

https://www.bleepingcomputer.com/news/security/microsoft-teams-windows-11-hacked-on-first-day-of-pwn2own/

During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft’s Windows 11 operating system and the Teams communication platform.

The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

The STAR Labs team (Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, and Nguyễn Hoàng Thạch) also demonstrated a zero-click exploit chain of 2 bugs (injection and arbitrary file write).

Microsoft Teams was hacked a third time by Masato Kinugawa, who exploited a 3-bug chain of injection, misconfiguration, and sandbox escape.

Each of them earned $150,000 for successfully demonstrating their Microsoft Teams zero-days.

STAR Labs also earned an extra $40,000 after elevating privileges on a system running Windows 11 using a Use-After-Free weakness and an additional $40,000 by achieving privilege escalation on Oracle Virtualbox.

Manfred Paul (@_manfp) also successfully demoed 2 bugs (prototype pollution and improper input validation) to hack Mozilla Firefox and an out-of-band write on Apple Safari to earn $150,000.

Other highlights from the first day of Pwn2Own include Marcin Wiązowski, Team Orca of Sea Security, and Keith Yeo demonstrating more zero-days in Windows 11 and Ubuntu Desktop…

1 user thanked author for this post.

windbg

Reply | Quote

Replies

So there is a bright future for you and this site to fill lots of pages #how_to apply and comply. And at the same time people are asked to trust the Microsoft Defendermeganism. Weird

* _ ... _ *

Reply | Quote

Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked

On day 1 of the event, researchers managed to hack Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were hacked successfully multiple teams during the day. All attempts were successful on the day.

On day 2, security researchers hacked the Tesla Model 3 Infotainment System, Ubuntu Desktop and Microsoft windows 11. Ubuntu Desktop was hacked twice successfully. Two hacking attempts against Microsoft Windows 11 and Tesla failed on that day.

On day 3, hackers managed to exploit Windows 11 and Ubuntu Desktop successfully. Researchers exploited Microsoft’s Windows 11 operating system thrice on the day, with no failed attempts…

Reply | Quote

? says:

oh, well more patches on the way, no doubt

https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#one

out-of-bounds write (OOBW), and use-after-free (UAF)

thanks, Alex…

Reply | Quote

Thank you for this. It’s almost like Microsoft wants their code to be hacked. 😉

It reminds me of the scene in The Fifth Element, in which Gary Oldman’s archcriminal industrialist character, Zorg, meets again with Ian Holm’s beneficent monk, Father Cornelius.

Oldman intentionally breaks a drinking glass, which sets in motion automated machinery to clean it up. But during that scene Zorg also aspirates a cherry pit, nearly choking to death. Father Cornelius eventually slap’s Zorg’s back and saves him from death.

Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

Reply | Quote