Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams.

Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). This year, 17 contestants are attempting to exploit 21 targets across multiple categories.

During the first day of the event, white hat hackers earned a total of $800,000, a record for the first day of this contest, including $450,000 for successful exploits targeting Microsoft Teams.

All the attempts made during the first day were successful, the participants explored a total of 16 flaws affecting Microsoft Teams, Oracle VirtualBox, Firefox, Windows 11, Ubuntu, and Safari.

Below is the list of hacking attempts against Microsoft Teams:

SUCCESS – Hector “p3rr0” Peralta was able to demonstrate an improper configuration against Microsoft Teams. He earns $150,000 and 15 Master of Pwn points.
SUCCESS – Masato Kinugawa was able to execute a 3-bug chain of injection, misconfiguraton and sandbox escape against Microsoft Teams, earning $150,000 and 15 Master of Pwn points.
SUCCESS – Daniel Lim Wee Soong (@daniellimws, Poh Jia Hao (@Chocologicall), Li Jiantao (@CurseRed) & Ngo Wei Lin (@Creastery of STAR Labs successfully demonstrated their zero-click exploit of 2 bugs (injection and arbitrary file write) on Microsoft Teams. They earn $150,000 and 15 Master of Pwn points.

Manfred Paul (@_manfp) successfully demonstrated the exploitation of prototype pollution and improper input validation on Mozilla Firefox. Paul earned $100,000 and 10 Master of Pwn points.

Paul also exploited an out-of-band write issue on Apple Safari and earned $50,000 and 5 additional Master of Pwn points.

The remaining exploits received a $40,000.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Vancouver 2022)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.