Pwn2Own 2017: Researchers succeeded in a full virtual machine escape through Microsoft Edge

Home » Microsoft

Reading time icon 2 min. read

Calendar icon Updated on

by Pradeep Viswav 

updated on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

The Zero Day Initiative (ZDI), founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. The latest Pwn2Own competition was held last week and Microsoft Edge browser was successfully hacked several times by the contestants.

On Day 1 of the competition, Tencent Security – Team Ether targeted Microsoft Edge and they succeeded by using an arbitrary write in Chakra and escaped the sandbox using a logic bug within the sandbox. This netted them a cool $80,000.

On Day 2, Tencent Security – Team Lance also successfully exploited Microsoft Edge by using a UAF in Chakra then elevated their privilege to SYSTEM by using a UAF in Windows kernel. This garnered them $55,000.

Tencent Security – Team Sniper (Keen Lab and PC Mgr) completed their exploit of Microsoft Edge with a UAF in Chakra and escalated to SYSTEM-level privileges through a UAF in the Windows kernel. This won them $55,000.

A team from 360 Security successfully exploited Microsoft Windows with an out-of-bounds (OOB) bug in the Windows kernel. This netted them $15,000.

Finally, Tencent Security – Team Sniper (Keen Lab and PC Mgr) elevated privileges in Microsoft Windows through an integer overflow in the kernel. This earned them $15,000.

On Day 3, a team from 360 Security attempted a full virtual machine escape through Microsoft Edge and they succeeded it first for the Pwn2Own competition. They leveraged a heap overflow in Microsoft Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. These three bugs earned them $105,000. Their code demonstration needed only 90 seconds!

Finally, Richard Zhu (fluorescence) targeted Microsoft Edge with a SYSTEM-level escalation. He leveraged two separate use-after-free (UAF) bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel. This garnered him $55,000.

It is important to keep your Windows 10 device updated with latest updates from Microsoft to protect your device from vulnerabilities like the above.

More about the topics: hackers, microsoft, Microsoft Edge, Pwn2Own, Researchers, Virtual Machine, Virtual Machine escape, windows 10

Pradeep Viswav

Pradeep Viswav Shield

Software and Services Expert

Pradeep is a Computer Science and Engineering Graduate. He was also a Microsoft Student Partner. He is currently working in a leading IT company.