Despite 7 Pwn2Own Zero-Days, Microsoft Has Not Released a Patch

Unaddressed Windows Privilege Escalation Vulnerabilities Still Linger After Pwn2Own 2024

Microsoft is under scrutiny as seven Windows privilege escalation vulnerabilities remain unaddressed two months after being uncovered at Pwn2Own 2024 in Vancouver. This week’s Patch Tuesday saw a flurry of security fixes, including patches for actively exploited bugs, but Microsoft has yet to address the vulnerabilities highlighted by white hat researchers back in March.

The company has fixed only one of the seven identified issues, and Trend Micro’s Zero Day Initiative deems them “in the wild,” meaning they have been fully exploited by researchers. Although there is no evidence of malicious exploitation, the potential threat to users is significant.

The seven bugs affect various Windows components and range from use-after-free flaws to heap-based buffer overflows. Details remain confidential, but Microsoft has acknowledged the legitimacy of the bugs and is reportedly working on fixes.

Dustin Childs, head of threat awareness at ZDI, expressed concern over Microsoft’s delayed response compared to other vendors who have promptly patched their systems. With over a billion users relying on Microsoft’s operating system, the pressure to address these vulnerabilities is mounting.

The clock is ticking for Microsoft to release patches within the 90-day window provided by Pwn2Own guidelines. As security continues to be a top priority for the tech giant, the industry is eagerly awaiting updates on the progress of these crucial fixes.
