Windows 10 falls victim to hackers, but not how you might think

Hackers at Pwn2Own 2021 have unearthed bugs in Windows 10, Chrome and Zoom

Security researchers squaring off at the Pwn2Own hacking competition have discovered various vulnerabilities in Microsoft’s Windows 10 operating system.

During the first two days of the event, which is run by the Zero Day Initiative, three Windows 10 exploits were identified, none of which had previously been documented.

The first, discovered by Team Viettel, saw an integer overflow bug abused to escalate user privileges, and the same feat was performed by researcher z3ro9 on the second day of the event via a similar flaw.

Finally, Tao Yan of Palo Alto Networks managed to alter the permissions of a regular user to SYSTEM levels by exploiting a Race Condition bug.

If exploited in the wild, these vulnerabilities could have allowed malicious hackers to make changes and install applications on target devices and gain access to sensitive systems unavailable to regular users.

Windows 10 vulnerabilities

The Pwn2Own competition has been running for 14 years now, during which period it has grown from a small event focused specifically on web browsers into a different beast entirely. This year, more than one million dollars in prize money is available to participants.

For the discovery of their respective Windows 10 bugs, both Yan and z3ro9 were awarded $40,000, as well as a handful of Master of Pwn points, which are used to determine the best performing hacker at the show.

Windows 10 is not the only product to have been hacked during the event, however. Researchers also discovered a Type Mismatch bug in web browsers Google Chrome and Microsoft Edge, while a zero-click exploit chain was used to establish code execution on a target device via Zoom Messenger.

The final day of the event will see contestants set their sights once again on Windows 10, but also Microsoft Exchange, Ubuntu Desktop and Parallels Desktop.

All vendors whose products are exploited successfully at Pwn2Own will be briefed on the issues and given 90 days to release the necessary patches.

Via BleepingComputer

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
