• Microsoft Teams, Windows 11 hacked on first day of Pwn2Own

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Microsoft Teams, Windows 11 hacked on first day of Pwn2Own

    Author
    Topic
    #2447883

    https://www.bleepingcomputer.com/news/security/microsoft-teams-windows-11-hacked-on-first-day-of-pwn2own/

    During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft’s Windows 11 operating system and the Teams communication platform.

    The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

    The STAR Labs team (Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, and Nguyễn Hoàng Thạch) also demonstrated a zero-click exploit chain of 2 bugs (injection and arbitrary file write).

    Microsoft Teams was hacked a third time by Masato Kinugawa, who exploited a 3-bug chain of injection, misconfiguration, and sandbox escape.

    Each of them earned $150,000 for successfully demonstrating their Microsoft Teams zero-days.

    STAR Labs also earned an extra $40,000 after elevating privileges on a system running Windows 11 using a Use-After-Free weakness and an additional $40,000 by achieving privilege escalation on Oracle Virtualbox.

    Manfred Paul (@_manfp) also successfully demoed 2 bugs (prototype pollution and improper input validation) to hack Mozilla Firefox and an out-of-band write on Apple Safari to earn $150,000.

    Other highlights from the first day of Pwn2Own include Marcin Wiązowski, Team Orca of Sea Security, and Keith Yeo demonstrating more zero-days in Windows 11 and Ubuntu Desktop…

    1 user thanked author for this post.
    Viewing 3 reply threads
    Author
    Replies
    • #2447897

      So there is a bright future for you and this site to fill lots of pages #how_to apply and comply. And at the same time people are asked to trust the Microsoft Defendermeganism. Weird

      * get out of the poisonous Metaverse *
    • #2448218

      Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked

      On day 1 of the event, researchers managed to hack Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were hacked successfully multiple teams during the day. All attempts were successful on the day.

      On day 2, security researchers hacked the Tesla Model 3 Infotainment System, Ubuntu Desktop and Microsoft windows 11. Ubuntu Desktop was hacked twice successfully. Two hacking attempts against Microsoft Windows 11 and Tesla failed on that day.

      On day 3, hackers managed to exploit Windows 11 and Ubuntu Desktop successfully. Researchers exploited Microsoft’s Windows 11 operating system thrice on the day, with no failed attempts…

    • #2448288

      ? says:

      oh, well more patches on the way, no doubt

      https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#one

      out-of-bounds write (OOBW), and use-after-free (UAF)

      thanks, Alex…

    • #2448616

      Thank you for this. It’s almost like Microsoft wants their code to be hacked. 😉

      It reminds me of the scene in The Fifth Element, in which Gary Oldman’s archcriminal industrialist character, Zorg, meets again with Ian Holm’s beneficent monk, Father Cornelius.

      Oldman intentionally breaks a drinking glass, which sets in motion automated machinery to clean it up. But during that scene Zorg also aspirates a cherry pit, nearly choking to death. Father Cornelius eventually slap’s Zorg’s back and saves him from death.

      Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
    Viewing 3 reply threads
    Reply To: Microsoft Teams, Windows 11 hacked on first day of Pwn2Own

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: