HomeWinBuzzer NewsPwn2Own Hacking Contest Shows Flaws in Windows 10, Exchange Server, Zoom, and...

Pwn2Own Hacking Contest Shows Flaws in Windows 10, Exchange Server, Zoom, and Chrome

Over three days Pwn2Own hacking context, numerous vulnerabilities were found across a range of popular tech services.

-

Pwn2Own is one of the biggest hacking contests in the world. It tasks hackers with highlighting vulnerabilities in some of the most famous platforms in tech. It also helps to shatter our ideas that the products we are using day-to-day are secure… spoiler, they're not.

$1.5 million is up for grabs in prize money during Pwn2Own 2021 and so far researchers have found vulnerabilities across numerous popular services. Among them are 's Safar browser, , Windows, Ubuntu, , and Edge.

Some of the vulnerabilities found include flaws that would lead to problems for Web Browsers, Servers, Enterprise Communication tools, and more.

Microsoft Vulnerabilities

There were problems found across a range of Microsoft services. Starting with Microsoft Exchange, the DEVCORE research teams found an authentication bypass and local privilege escalation flaw that would allow them to take over a server.

On , Team Viettel found a hole in Windows 10 security by using an integer overflow to escalate privileges for regular users to SYSTEM wide privileges. Palo Alto Networks researcher Tao Yan leveraged a Race Condition bug to create SYSTEM privileges on a Windows 10 machine that was fully patched.

A researcher known as OV targeted Microsoft Teams with two bugs that show how a code execution attack could happen. On Microsoft Edge and Chrome (both sharing the Chromium engine) with a Typer Mismatch bug that allows an attack on the browsers.

Flaws on Other Services

RET2 Systems' Jack Date found a vulnerability in Apple's web browser. By using an integer overflow, he was able to use a OOB Write to access kernel-level code on the browser.

A Zoom vulnerability was found by Daan Keuper and Thijs Alkemade from Computest. Specifically, a three bug chain for the messenger app that allows a code execution to hit the system. Interestingly, the victim would not need to click anything to initiate the attack.

You can check out the Pwn2Own event on YouTube, Twitch, and the conference site here.

Tip of the day:

Having problems with pop-ups and unwanted programs in Windows 10? Try the hidden adware blocker of Windows Defender. We show you how to turn it on in just a few steps.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News