Researchers win $40,000 for hacking Windows 11 at Pwn2Own Vancouver 2022
The Pwn2Own Vancouver 2022 hacking contest is currently underway, and products from companies including Microsoft, Apple, Mozilla, and Oracle have all been defeated by hackers. These kinds of offensive and defensive activities help improve the security of enterprise products, so these tech giants are very happy to see their products defeated and to pay out bonuses. The hackers attacked Windows 11 and Microsoft Teams with multiple exploits and received praise from Microsoft, which paid more than $200,000 in bounties.
Although Microsoft emphasizes that Windows 11 has very good security, every product inevitably has bugs that hackers will discover. Hackers found an out-of-bounds vulnerability in Windows 11 and used it to successfully escalate privileges, for which Microsoft paid the hacker a $40,000 bounty. Of course, none of these vulnerabilities has been announced yet. We will know the general situation when Microsoft fixes the vulnerabilities next month.
Microsoft Teams was the first product to be defeated. Because of the large number of vulnerabilities found, Microsoft also generously paid hackers a huge bounty. The vulnerabilities involved include improper configuration and sandbox escape. Teams was also found to have two zero-click vulnerabilities, that is, vulnerabilities that require no user action for infection.
In addition to Microsoft's products, Oracle's VirtualBox, the Firefox browser, Ubuntu Desktop, and Safari were also compromised. Hackers successfully exploited 16 security holes on the first day of the competition and took home a total of $800,000 in prize money. Hackers who successfully hack into a Tesla can get up to $600,000 in bonuses, and they can also take home the Model 3 or Model S itself. At the 2019 hacker conference, the Fluoroacetate team successfully hacked a Tesla and drove home the hacked Model 3 in addition to the bonus.