Bad Times Abound for Windows 11 at PWN2OWN Vancouver 2022…

by

May 23, 2022

Windows 11 has had a very, very bad week.

The newest operating system from Microsoft was trounced during Trend Micro’s Zero Day Initiative (ZDI) first Pwn2Own event this year after hackers compromised it 6 times over the course of 72 hours. In total seven hackers walked away with a combined $240,000 for their Windows 11 zero-day exploits.

The exact details regarding the exploits aren’t privy to the public (and for good reason) but we do have a summarized breakdown of the type of attack leverage and the reward money offered up.

They were as follows:

  1. Out-of-Bounds Escalation of Privilege exploit – $40,000 reward
  2. Elevation of Privilege Attack – $40,000 reward
  3. Improper Access Control Elevation of Privilege Attack – $40,000 reward
  4. Integer Overflow Exploit – $40,000 reward
  5. Improper Access Control Exploit – $40,000 reward
  6. Use-After-Free Vulnerability Elevation of Privilege Attack – $40,000

Windows 11 wasn’t the only Microsoft product to get knocked around. Microsoft Teams, a popular enterprise messaging platform was slammed as well with an additional $450,000 worth of prize money going out to three hackers ($150,000 going to each hacker).

The type of attacks used against Microsoft Teams are a little less clear but they include things like code injection, misconfigurations, and zero-click remote code execution exploits (among other things).

Microsoft has been touting the OS as being one of the most secure offerings ever released out of Redmond, WA. That may be true in certain regards, but if the hackers at Pwn2Own 2022 have anything to say about the matter there are plenty of holes left to be filled.

Or not filled rather. Considering Microsoft has just entered the MSSP space, they might be totally content to just leave those gaping wounds alone and simply monetize the flaw via security services…

 

 

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...