• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
Computer Business World News

Computer Business World News

Trending News about Computers, Business and Tech

  • Home
  • BUSINESS
  • CAREERS
  • CLOUD
  • COMPUTERS
  • CYBERSECURITY
  • I.T.
  • TECH
  • VOIP
  • About

Windows 10 falls victim to hackers, but not how you might think Windows 10

by

Security researchers squaring off at the Pwn2Own hacking competition have discovered various vulnerabilities in Microsoft’s Windows 10 operating system.

During the first two days of the event, which is run by the Zero Day Initiative, three Windows 10 exploits were identified, none of which had previously been documented.

The first, discovered by Team Viettel, saw an integer overflow bug abused to escalate user privileges, and the same feat was performed by researcher z3ro9 on the second day of the event via a similar flaw.

Finally, Tao Yan of Palo Alto Networks managed to alter the permissions of a regular user to SYSTEM levels by exploiting a Race Condition bug.

If exploited in the wild, these exploits could have allowed malicious hackers to make changes and install applications on target devices and gain access to sensitive systems unavailable to regular users.

Windows 10 vulnerabilities

The Pwn2Own competition has been running for 14 years now, during which period it has grown from a small event focused specifically on web browsers into a different beast entirely. This year, more than one million dollars in prize money is available to participants.

For the discovery of their respective Windows 10 bugs, both Yan and z3ro9 were awarded $40,000, as well as a handful of Master of Pwn points, which are used to determine the best performing hacker at the show.

Windows 10 is not the only product to have been hacked during the event, however. Researchers also discovered a Type Mismatch bug in web browsers Google Chrome and Microsoft Edge, while a zero click exploit chain was used to establish code execution on a target device via Zoom Messenger.

The final day of the event will see contestants set their sights once again on Windows 10, but also Microsoft Exchange, Ubuntu Desktop and Parallels Desktop.

All vendors whose products are exploited successfully at Pwn2Own will be briefed on the issues and given 90 days to release the necessary patches.

Via BleepingComputer

View Source

Filed Under: TECH

Primary Sidebar

More to See

Air Force Was ‘Hyper Focused’ on Cybersecurity for IT Networks. Now Other Systems Need Protection.

DAYTON, Ohio—Looking to address Air Force Secretary Frank Kendall’s operational imperatives, cybersecurity leaders with the Air Force Life Cycle … [Read More...] about Air Force Was ‘Hyper Focused’ on Cybersecurity for IT Networks. Now Other Systems Need Protection.

SDSC’s Peter Rose Wins COVID-19 NIH/NICHD Award – High-Performance Computing News Analysis

Aug. 9, 2022 — Peter Rose, director of the Structural Bioinformatics Laboratory at the San Diego Supercomputer Center at UC San Diego, was recently … [Read More...] about SDSC’s Peter Rose Wins COVID-19 NIH/NICHD Award – High-Performance Computing News Analysis

NFT and Metaverse Scams: Cybersecurity

1https://www.forbes.com/sites/jonathanponciano/2022/01/20/nfts-shatter-monthly-trading-record-with-4-billion-in-sales-heres-why-theyre-still-booming-de … [Read More...] about NFT and Metaverse Scams: Cybersecurity

Footer

SITE INFORMATION

COMPUTER BUSINESS WORLD NEWS

About/Contact

Privacy Policy

Thank you for visiting our website.

Recent

  • Ray Saitz: Back to school for computers, too
  • Air Force Was ‘Hyper Focused’ on Cybersecurity for IT Networks. Now Other Systems Need Protection.
  • SDSC’s Peter Rose Wins COVID-19 NIH/NICHD Award – High-Performance Computing News Analysis

Search

Copyright © 2022 Computer Business World