Despite 7 Pwn2Own Zero-Days, Microsoft Has Not Released a Patch

Published:

spot_img

Unaddressed Windows Privilege Escalation Vulnerabilities Still Linger After Pwn2Own 2024

Microsoft is under scrutiny as seven Windows privilege escalation vulnerabilities remain unaddressed two months after being uncovered at Pwn2Own 2024 in Vancouver. This week’s Patch Tuesday saw a flurry of security fixes, including patches for actively exploited bugs, but Microsoft has yet to address the vulnerabilities highlighted by white hat researchers back in March.

The company has only fixed one of the seven identified issues, with Trend Micro’s Zero Day Initiative deeming them as “in the wild,” meaning they have been fully exploited by researchers. Although there is no evidence of malicious exploitation, the potential threat to users is significant.

The seven bugs affect various Windows components, ranging from use-after-free bugs to heap-based buffer overflows. Details remain confidential, but Microsoft has acknowledged the legitimacy of the bugs and is reportedly working on fixes.

Dustin Childs, head of threat awareness at ZDI, expressed concern over Microsoft’s delayed response compared to other vendors who have promptly patched their systems. With over a billion users relying on Microsoft’s operating system, the pressure to address these vulnerabilities is mounting.

The clock is ticking for Microsoft to release patches within the 90-day window provided by Pwn2Own guidelines. As security continues to be a top priority for the tech giant, the industry is eagerly awaiting updates on the progress of these crucial fixes.

spot_img

Related articles

Recent articles

Mimo Hackers Target Craft CMS Vulnerability CVE-2025-32432 to Deploy Cryptominer and Proxyware

Rising Threat of Cryptojacking: Exploiting Craft CMS Vulnerabilities Overview of the Attack A recent cybersecurity threat has emerged, highlighting the dangers posed by a newly discovered...

EtihadWE and Emarat Unite to Elevate Customer Experience with EmCan Loyalty Program

Etihad Water and Electricity Teams Up with Emarat to Enhance Customer Loyalty A New Milestone in Collaboration In a significant move for the utilities sector, Etihad...

Apple App Store Fraud Prevention Stops $2 Billion in 2024

Apple's Strategy Against App Store Fraud Apple's ongoing commitment to maintaining the security and integrity of its App Store remains as robust as ever. In...

Global Crackdown Takes Down Dark Web Drug Hub ‘Top Korea’

Major Crackdown on Dark Web Drug Trafficking in South Korea The Disruption of Top Korea The Seoul Central District Prosecutors’ Office has made significant strides in...