Security News > 2021 > April > Microsoft's Windows 10, Exchange, and Teams hacked at Pwn2Own

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform.
The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.
Next, a security researcher using the OV online moniker successfully obtained code execution on Microsoft Teams in the Enterprise Communications category by combining two separate security bugs.
Team Viettel earned $40,000 and 4 Master of Pwn points after escalating privileges to SYSTEM from a regular user on Windows 10 while competing in the Local Escalation of Privilege category.
On the second day, Pwn2Own competitors will also target Google Chrome, Microsoft Edge, Zoom Messenger, while others will try their hand at exploiting other new bugs in Microsoft Exchange, Windows 10, Ubuntu Desktop, and Parallels Desktop.
During the Pwn2Own 2021 contest, 23 teams and researchers will target ten different products in the Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and Enterprise Communications categories.
News URL
Related news
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft Exchange Online outage affects Outlook web users (source)