On the third and final day of the 2022 Pwn2Own Vancouver hacking competition, security researchers successfully hacked Microsoft’s Windows 11 operating system three more times using zero-day exploits.
The first attempt of the day to target Microsoft Teams failed after Team DoubleDragon failed to show their exploits in their allotted time. All other participants managed to hit their target and earned $160,000 after disabling Windows 11 three times and Ubuntu Desktop once.
Viettel Cyber Security’s nghiadt12 was the first to show zero-day privilege escalation (via Integer Overflow) in Windows 11. Also, having Bruno Pujos Reverse Tactics and vinhthp1712 also increased privileges to 11 by exploiting the Post-Free and Inappropriate Access Control vulnerabilities, respectively.
Windows 11 EOP via Integer Overflow shown by nghiadt12 (ZDI)
As well as all the Windows violence Billy Jheng Bing-Jhong STAR Labs hacked a system running Ubuntu Desktop with a Post-Free exploit.
Pwn2Own 2022 Vancouver ended May 18th and 20th with 17 participants earning a total of $1,155,000 for zero-day exploits and exploit chains shown after 21 attempts over three days. Once the vulnerabilities are exploited and reported during Pwn2Own, vendors have 90 days to release security fixes until they are made public by Trend Micro’s Zero-Day Initiative.
Source: BleepingComputer
Source: Hardware Info
