Vietnamese security experts won 40 000 dollar prize from Microsoft service
Two Vietnamese security experts who pointed out the flaws in Microsoft's email and Windows 10, won the USD 40,000 prize at the world's top security competition.
Two Vietnamese security experts who pointed out the flaws in Microsoft's email and Windows 10, won the USD 40,000 prize at the world's top security competition. (Photo: VN Express)
On the website of the Pwn2Own security competition, the Vietnamese team gained success in two exams held on April 7 and 8. In the "Local Escalation of Privilege" category on Windows 10 operating systems, the team has succeeded in elevating user rights from "Normal" to "System privilege" - which allowed them to gain the highest control over the computer. In the "Servers" category, the team also successfully hacked the Microsoft Exchange email server system.
After two competitions, experts from Vietnam helped Microsoft find out five flaws in their services, including two in Windows 10 and three in the Exchange server. These flaws have all been rated as particularly critical, allowing hackers to take control of computers and emails, break into the systems of organizations and enterprises using Microsoft Exchange email servers. This helped the Vietnamese team receive a prize of USD 40,000 and be recognized in the global awards system.
As one of the largest security competitions in the world, Pwn2Own is held annually by the Zero Day Initiative since 2007. (Photo: Bao Moi)
The Vietnamese team participating in the Pwn2Own competition includes Pham Van Khanh and Dao Trong Nghia, employees of Viettel Cyber Security. Pham Van Khanh is ranked 19th in the top of Microsoft's vulnerability detection experts in 2020. Khanh discovered nearly 20 zero-day flaws on Microsoft platforms, such as MS Exchange, MS Dynamic, IIS. Dao Trong Nghia specializes in software vulnerabilities, many times acknowledged by Microsoft for discovering serious loopholes in the Windows operating system.
Nghia assessed the test as a great challenge. Each competition takes place in 20 minutes. Each team has 3 attempts. Vietnamese experts gained success in the first attempt, and the test was completed in less than 5 minutes.
As one of the largest security competitions in the world, Pwn2Own is held annually by the Zero Day Initiative since 2007. According to Wired, Pwn2Own has an important role in the global industry and technology, as it gathers leading security experts.
This year, the competition partners Microsoft, Adobe, VMWare, Zoom, and Tesla - companies with great influence in recent times. Pwn2Own 2021 is organized virtually with 23 participating teams. After two exams, the Vietnam team gained 11.5 points, ranking fourth in the Pwn2Own competition.