At the Pwn2Own event in Berlin, a significant security breach was highlighted as a trio of vulnerabilities in Microsoft Exchange led to SYSTEM-level remote code execution. This exploit followed closely on the heels of three zero-day attacks against Windows 11, which occurred just a day prior on May 14. The event showcased elite hackers competing to identify and exploit unknown weaknesses in various software and hardware.
Orange Tsai from the DEVCORE Research Team was awarded a $200,000 bounty for demonstrating the exploit and promptly sharing the technical details with event organizers. The Pwn2Own event, organized by the Trend Micro Zero Day Initiative, emphasizes responsible vulnerability disclosure, contrasting with other methods where zero-day exploits may be sold on the black market.
Participants at Pwn2Own have the potential to earn over $1,000,000 in cash and prizes by providing fully functioning exploits and detailed whitepapers on their findings immediately after their demonstrations. This approach is crucial for enhancing security measures and ensuring that vendors like Microsoft can address vulnerabilities effectively.