web analytics
Home » Technology » Hacker Event Pwn2Own: Lesson for Microsoft Developers

Hacker Event Pwn2Own: Lesson for Microsoft Developers

Since, as we know, you can learn a lot from mistakes, the developers at Microsoft have certainly become a lot wiser after the first day of the Pwn2Own Vancouver 2022 hacker event. Because the participants took apart rows of products from Redmond. One of the first hacks was shown by Hector Peralta, who gained access to Microsoft Teams through a configuration bug. This is from a message in the magazine bleeping computer from. Two other groups also successfully attacked the communications platform, each using exploit chains that exploited multiple zero-day vulnerabilities to achieve their goals.

As so often, the Pwn2Own wasn’t exactly characterized by the participants using simple ways to exploit bugs. This was also evident in an attack on Windows 11. Here, for example, the STAR Labs team managed to gain extended user rights by breaking out of an Oracle VirtualBox at the right time. However, the same hackers also demonstrated a second privilege escalation, for which they directly exploited a zero-day vulnerability in the Windows system.

Tesla to go

On the first day of the conference, a total of $800,000 in prize money was paid out to hackers who dismantled Microsoft products with a total of 16 different zero-day vulnerabilities. So the programmers in Redmond, who now have to provide patches, have a lot of work to do. However, Microsoft products were far from the only ones to receive a significant boost at the event. Different operating systems, browsers, and applications from a wide variety of areas are also targeted. Here, too, the hackers expect significant rewards. The event site includes a Tesla Model S, whose onboard electronics must be broken into. Whoever manages this will not only receive $ 600,000 for demonstrating the vulnerability but can also take the vehicle with them.