Bad Times Abound for Windows 11 at PWN2OWN Vancouver 2022…


May 23, 2022

Windows 11 has had a very, very bad week.

The newest operating system from Microsoft was trounced during Trend Micro’s Zero Day Initiative (ZDI) first Pwn2Own event this year after hackers compromised it 6 times over the course of 72 hours. In total seven hackers walked away with a combined $240,000 for their Windows 11 zero-day exploits.

The exact details regarding the exploits aren’t privy to the public (and for good reason) but we do have a summarized breakdown of the type of attack leverage and the reward money offered up.

They were as follows:

  1. Out-of-Bounds Escalation of Privilege exploit – $40,000 reward
  2. Elevation of Privilege Attack – $40,000 reward
  3. Improper Access Control Elevation of Privilege Attack – $40,000 reward
  4. Integer Overflow Exploit – $40,000 reward
  5. Improper Access Control Exploit – $40,000 reward
  6. Use-After-Free Vulnerability Elevation of Privilege Attack – $40,000

Windows 11 wasn’t the only Microsoft product to get knocked around. Microsoft Teams, a popular enterprise messaging platform was slammed as well with an additional $450,000 worth of prize money going out to three hackers ($150,000 going to each hacker).

The type of attacks used against Microsoft Teams are a little less clear but they include things like code injection, misconfigurations, and zero-click remote code execution exploits (among other things).

Microsoft has been touting the OS as being one of the most secure offerings ever released out of Redmond, WA. That may be true in certain regards, but if the hackers at Pwn2Own 2022 have anything to say about the matter there are plenty of holes left to be filled.

Or not filled rather. Considering Microsoft has just entered the MSSP space, they might be totally content to just leave those gaping wounds alone and simply monetize the flaw via security services…



Carl Keyser is the Content Manager at Integris.

Keep reading

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Why Is My Laptop Draining So Fast?

Why Is My Laptop Draining So Fast?

Before You Replace Your Laptop Battery, Try These Fixes First Stuck with a laptop that’s running out way before it’s standard 8-10 hours of run time? Don't throw it out just yet.  Try these quick fixes to extend its life: Reduce your screen brightness If possible,...