Security News > 2021 > April > Microsoft's Windows 10, Exchange, and Teams hacked at Pwn2Own

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform.

The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

Next, a security researcher using the OV online moniker successfully obtained code execution on Microsoft Teams in the Enterprise Communications category by combining two separate security bugs.

Team Viettel earned $40,000 and 4 Master of Pwn points after escalating privileges to SYSTEM from a regular user on Windows 10 while competing in the Local Escalation of Privilege category.

On the second day, Pwn2Own competitors will also target Google Chrome, Microsoft Edge, Zoom Messenger, while others will try their hand at exploiting other new bugs in Microsoft Exchange, Windows 10, Ubuntu Desktop, and Parallels Desktop.

During the Pwn2Own 2021 contest, 23 teams and researchers will target ten different products in the Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and Enterprise Communications categories.

News URL

https://www.bleepingcomputer.com/news/security/microsofts-windows-10-exchange-and-teams-hacked-at-pwn2own/