Security researchers squaring off at the Pwn2Own hacking competition have discovered various vulnerabilities in Microsoft’s Windows 10 operating system (opens in new tab).
During the first two days of the event, which is run by the Zero Day Initiative, three Windows 10 (opens in new tab) exploits were identified, none of which had previously been documented.
The first, discovered by Team Viettel, saw an integer overflow bug abused to escalate user privileges, and the same feat was performed by researcher z3ro9 on the second day of the event via a similar flaw.
- Here's our list of the best business laptops (opens in new tab) right now
- Check out our list of the best mobile workstations (opens in new tab) around
- We've built a list of the best business computers (opens in new tab) available
Finally, Tao Yan of Palo Alto Networks managed to alter the permissions of a regular user to SYSTEM levels by exploiting a Race Condition bug.
If exploited in the wild, these exploits could have allowed malicious hackers to make changes and install applications on target devices and gain access to sensitive systems unavailable to regular users.
Windows 10 vulnerabilities
The Pwn2Own competition has been running for 14 years now, during which period it has grown from a small event focused specifically on web browsers (opens in new tab) into a different beast entirely. This year, more than one million dollars in prize money is available to participants.
For the discovery of their respective Windows 10 bugs, both Yan and z3ro9 were awarded $40,000, as well as a handful of Master of Pwn points, which are used to determine the best performing hacker at the show.
Windows 10 is not the only product to have been hacked during the event, however. Researchers also discovered a Type Mismatch bug in web browsers Google Chrome and Microsoft Edge, while a zero click exploit chain was used to establish code execution on a target device via Zoom (opens in new tab) Messenger.
The final day of the event will see contestants set their sights once again on Windows 10, but also Microsoft Exchange, Ubuntu (opens in new tab) Desktop and Parallels Desktop.
All vendors whose products are exploited successfully at Pwn2Own will be briefed on the issues and given 90 days to release the necessary patches.
- Check out our list of the best Windows 10 Pro laptops (opens in new tab)
Via BleepingComputer (opens in new tab)