Pwn2Own 2017: Researchers succeeded in a full virtual machine escape through Microsoft Edge

The Zero Day Initiative (ZDI), founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. The latest Pwn2Own competition was held last week and Microsoft Edge browser was successfully hacked several times by the contestants.

On Day 1 of the competition, Tencent Security – Team Ether targeted Microsoft Edge and they succeeded by using an arbitrary write in Chakra and escaped the sandbox using a logic bug within the sandbox. This netted them a cool $80,000.

On Day 2, Tencent Security – Team Lance also successfully exploited Microsoft Edge by using a UAF in Chakra then elevated their privilege to SYSTEM by using a UAF in Windows kernel. This garnered them $55,000.

Tencent Security – Team Sniper (Keen Lab and PC Mgr) completed their exploit of Microsoft Edge with a UAF in Chakra and escalated to SYSTEM-level privileges through a UAF in the Windows kernel. This won them $55,000.

A team from 360 Security successfully exploited Microsoft Windows with an out-of-bounds (OOB) bug in the Windows kernel. This netted them $15,000.

Finally, Tencent Security – Team Sniper (Keen Lab and PC Mgr) elevated privileges in Microsoft Windows through an integer overflow in the kernel. This earned them $15,000.

On Day 3, a team from 360 Security attempted a full virtual machine escape through Microsoft Edge and they succeeded it first for the Pwn2Own competition. They leveraged a heap overflow in Microsoft Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. These three bugs earned them $105,000. Their code demonstration needed only 90 seconds!

Finally, Richard Zhu (fluorescence) targeted Microsoft Edge with a SYSTEM-level escalation. He leveraged two separate use-after-free (UAF) bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel. This garnered him $55,000.

It is important to keep your Windows 10 device updated with latest updates from Microsoft to protect your device from vulnerabilities like the above.

Comments