[Image: Windows 11 hacked three times on day one of PWN2OWN. Credit: SOPA Images/LightRocket via Getty Images]

Windows 11 Hacked — Three New Zero-Days Deployed By Pwn2Own Elite

by · Forbes

I’ve said it before, and I’ll say it again: hacking is not a crime. I’d have been in prison a long time ago were that true. I’m not a fan of the term ethical hackers, but it will have to do to describe the security researchers and hacking elite who have gathered in Berlin for day one of the Pwn2Own hackathon. Rather than use their undoubted hacking skills for malicious purposes, like the most prolific cybercriminal groups do, these hackers have been deploying zero-days for the good of us all, including three aimed at Windows 11 that elevated privileges to system level, which could enable complete system takeover. Such skills do not go unvalued, and the hackers concerned were rewarded $75,000 for their efforts. Here’s what you need to know about the Windows 11 hack trilogy.

Pwn2Own — Windows 11 Hacks Explained

If you are a regular reader of my articles, then you will know that I have covered the Pwn2Own events for many years, most recently detailing how Tesla fell to hackers four times in one day and how five zero-day vulnerabilities were employed to compromise the Samsung Galaxy 24 smartphone. You would also know that Tesla and Samsung submitted their products to the hackathon event, wanting to see if the elite of the hacking world could find vulnerabilities that they had not, so they could be fixed before malicious actors stumbled across them.

Pwn2Own, the brainchild of the Trend Micro Zero Day Initiative, dates back to 2007 and attracts some of the best hacking minds on the planet to the twice-yearly events. Pitched against the clock to “pwn” products, hacker and gamer slang for owning something or someone by gaining control, the zero-day hacker heroes can earn a share of more than a million dollars in prize funds.

Day one of Pwn2Own Berlin 2025, held on May 15, saw no fewer than three successful hacking attempts targeting Windows 11 and escalating privileges to system level:

  • Chen Le Qi of STARLabs SG won $30,000 by escalating privileges to system level on Windows 11 with a combination of a use-after-free and integer overflow exploit.
  • Marcin Wiązowski used an out-of-bounds memory write exploit to achieve the same end result and earned the same reward, another $30,000.
  • Hyeonjin Choi of Out Of Bounds earned a $15,000 bounty by exploiting a type confusion vulnerability to get those elevated Windows 11 privileges.

I have reached out to Microsoft for a statement regarding the Windows 11 hack successes at Pwn2Own.