Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021


The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.



Pwn2Own 2021 kicked off this week with successful attempts against Apples Safari browser and Microsoft Teams, Microsoft Exchange, and Windows 10 on the first day of competition.
This years event is distributed among various locations and is one of the largest in Pwn2Own history, according to Trend Micros Zero Day Initiative. Twenty-three separate entries will target 10 products in the categories of Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and Enterprise Communications, the events newest category. 
On the first day of this years event, the Devcore team combined an authentication bypass and local privilege escalation to take over Microsoft Exchange in the Server category. The success earned the team $200,000 and 20 Master of Pwn points. 
In the Enterprise Communications category, a researcher who goes by OV demonstrated code execution on Microsoft Teams with a pair of vulnerabilities, earning himself $200,000 and 20 points toward Master of Pwn. 
Team Viettel targeted Windows 10 in the Local Escalation of Privilege category. The team used an integer overflow in Windows 10 to escalate from a regular user and achieve system privileges, earning $40,000 and 4 points toward Master of Pwn.
Jack Dates of RET2 Systems targeted Safari in the Web Browser category, using an integer overflow in Safari and an OOB Write to get kernel-level code execution. In doing so, he earned $100,000 and 10 Master of Pwn points.
Later in the week, Pwn2Own participants will make additional attempts at targeting Microsoft Exchange Server, Windows 10, Zoom, Ubuntu Desktop, and other targets. 
Read the full first day results and Pwn2Own schedule
here
.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021