During Pwn2Own, an annual computer hacking event, participants and cybersecurity experts demonstrate their skills in using bugs, zero-day exploits, and other problems to legally hack various software and win awards and recognition. This year at Pwn2Own Vancouver 2022, attendees managed to break into Microsoft Teams and Windows 11 on the first day.
Hector “p3rro” Peralta was the first to get into Microsoft Teams. He demonstrated a misconfiguration of Microsoft’s corporate messenger and earned $150,000 from his withdrawals. Later, Teams fell victim again when Masato Kinugawa performed a chain of 3 errors: infection, misconfiguration, and sandbox escape. The beatings continued, with Daniel Lim Wee Sun, Poh Jia Hao, Li Jiantao, and Ngo Wei Lin showing exploits of two bugs without clicking.
Windows 11 hasn’t been immune to hackers either. Despite Microsoft putting a lot of emphasis on security in its latest OS, Marcin Wizowski performed unlimited write privilege escalation on Windows 11. For this, Marcin received $40,000 and was praised by Microsoft.
Microsoft The company’s products weren’t the only ones hacked on the first day of Pwn2Own Vancouver 2022. Participants managed to earn points and cash by hacking Oracle Virtualbox, Mozilla Firefox, Ubuntu Desktop, and Apple Safari. Events like this help Microsoft and other companies improve the security of their products and encourage experienced hackers to stay on the right side of cyberlaws.
In total, the hackers made $800,000 on the first day using 16 zero-day bugs across multiple products. On the second and third days, participants can earn over $1,000,000 in rewards by hacking other software, gadgets, and cars (Tesla Model 3 and Model S).