Bad Times Abound for Windows 11 at PWN2OWN Vancouver 2022…

by

May 23, 2022

Windows 11 has had a very, very bad week.

The newest operating system from Microsoft was trounced during Trend Micro’s Zero Day Initiative (ZDI) first Pwn2Own event this year after hackers compromised it 6 times over the course of 72 hours. In total seven hackers walked away with a combined $240,000 for their Windows 11 zero-day exploits.

The exact details regarding the exploits aren’t privy to the public (and for good reason) but we do have a summarized breakdown of the type of attack leverage and the reward money offered up.

They were as follows:

  1. Out-of-Bounds Escalation of Privilege exploit – $40,000 reward
  2. Elevation of Privilege Attack – $40,000 reward
  3. Improper Access Control Elevation of Privilege Attack – $40,000 reward
  4. Integer Overflow Exploit – $40,000 reward
  5. Improper Access Control Exploit – $40,000 reward
  6. Use-After-Free Vulnerability Elevation of Privilege Attack – $40,000

Windows 11 wasn’t the only Microsoft product to get knocked around. Microsoft Teams, a popular enterprise messaging platform was slammed as well with an additional $450,000 worth of prize money going out to three hackers ($150,000 going to each hacker).

The type of attacks used against Microsoft Teams are a little less clear but they include things like code injection, misconfigurations, and zero-click remote code execution exploits (among other things).

Microsoft has been touting the OS as being one of the most secure offerings ever released out of Redmond, WA. That may be true in certain regards, but if the hackers at Pwn2Own 2022 have anything to say about the matter there are plenty of holes left to be filled.

Or not filled rather. Considering Microsoft has just entered the MSSP space, they might be totally content to just leave those gaping wounds alone and simply monetize the flaw via security services…

 

 

Carl Keyser is the Content Manager at Integris.

Keep reading

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects? The Quick Take Managing IT projects effectively is crucial for ensuring success and maximizing ROI. Here are the best practices to follow: Define Clear Objectives and Scope: Set specific, measurable, achievable,...

What Is The Future of Managed IT Services?

What Is The Future of Managed IT Services?

What Is the Future of Managed IT Services? The Quick Take: The future of managed IT services for small and medium-sized businesses is bright, with the market expected to grow from $1.735 trillion to $2.173 trillion by 2028. Key trends driving this growth include:...

The Regulatory Outlook for 2025 and What That Means for Banking IT

The Regulatory Outlook for 2025 and What That Means for Banking IT

With a new administration coming in, 2025 promises to be a year of change. But will it significantly impact banking regulation and your bank’s cybersecurity? No one has a crystal ball, of course, but recent global outlooks for the banking industry seem to point to two...