Posted on May 21, 2022 at 7:24 AM
Microsoft’s latest iteration of its software is another example of how the tech giant is taking a strong security-focused stance to protect against future software infiltrations. At the latest Pwn2Own hacking competition, however, some white-hat hackers showed the company that it still has more work to do on the security of its software. It took less than 24 hours for some of the best hackers to break into both Windows 11 and Microsoft Teams.
Zero Day Initiative reported that Pwn2Own is still ongoing, but some hackers have already earned large payouts for breaking into the software Microsoft presented. Pwn2Own is one of the most popular hacking contests, as the best in the business try to outdo one another at cracking the security of the software presented to them.
Once a hacker successfully cracks the software or discovers a vulnerability, they are asked to report the flaw immediately to the developers so that it can be fixed before it becomes known to black-hat hackers. Of course, the hacker will not go home without a financial reward for the effort.
Once the vulnerability is confirmed in private, the hacker is given a nice chunk of cash as a bounty.
Day One Of Pwn2Own Proves Significant
The first day of the Pwn2Own hacking competition proved to be significant, as some hackers successfully discovered major vulnerabilities in Microsoft Teams and Windows 11.
The event saw two successful attacks on Windows 11 and three on Microsoft Teams, with each successful attack earning a handsome bounty. The biggest award was a mouth-watering $150,000 bounty, while the lowest came in at $40,000. The event is still ongoing, which means more vulnerabilities could be uncovered and more bounties paid afterward.
During the first day of the competition, contestants won $600,000 after successfully exploiting 16 zero-day vulnerabilities.
The first to be exposed was Microsoft Teams after white-hat hacker Hector Peralta exploited an improper configuration bug.
In another zero-day exploit, the STAR Labs team demonstrated an exploit chain of 2 vulnerabilities. Microsoft Teams was also exposed for the third time by Masato Kinugawa after he exploited a 3-vulnerability chain of infection, sandbox escape, and misconfiguration.
Oracle And Mozilla Also Paid Out Rewards
Each of the three hackers received $150,000 for successfully exploiting zero-days in Microsoft Teams. In addition, STAR Labs achieved privilege escalation on Oracle VirtualBox, earning $40,000 in the process. The hacking team earned another $40,000 after elevating privileges on a system running Windows 11 using a use-after-free flaw.
Another hacker, Manfred Paul, got a $150,000 reward after successfully exploiting 2 bugs (improper input validation and prototype pollution) to hack Mozilla Firefox. Other hackers also got a fair share of the bounty cake, which could increase on the second and third days of the competition.
Apart from Microsoft, hackers also discovered vulnerabilities in software owned by other major companies. Oracle and Mozilla also saw their software cracked, but most of the vulnerabilities came from Windows 11 and Teams. They also paid more than other companies due to the critical nature of the flaws discovered.
With two more days left before the competition ends, more vulnerabilities are likely going to be discovered. But the results for day one
Microsoft Needs To Do More On Security
The hacking competition has already proven its worth, as Microsoft would rather have a white-hat hacker discover the flaws in Windows 11 and Teams before a black-hat hacker finds them. Although the tech giant is paying out a considerable amount in bounties, that is considered far better and safer than exposure to bad actors. Microsoft has made serious updates to its security lately. The company has denied access to those trying to install Windows 11 on older PCs as a way of protecting against infiltrations. The processors in those PCs do not support TPM 2.0, which is required to keep Windows 11 as safe as possible.
But hackers have succeeded in cracking both Teams and Windows 11 at the event, canceling any claims the tech giant may have that its systems are completely safe.
Although Microsoft has the tools and resources to fix the vulnerabilities, the results show that the security of the software is not as tight as it may seem. The tech company will be publishing patches for the flaws before threat actors get to know about them and strike.