Windows 11 Hacked Three Times in One Day — and That's a Good Thing
Hackers are once again protecting users before Microsoft does.
Hackers are once again protecting users before Microsoft does.
On the first day of the Pwn2Own 2025 hacking competition in Berlin, researchers managed to hack Windows 11 in three different ways, gaining full access to the system. All attacks exploited previously unknown vulnerabilities — so-called zero-days — and the researchers were generously rewarded: the total prize money amounted to $75,000.
Pwn2Own has been held since 2007 by Trend Micro as part of the Zero Day Initiative. It’s a prestigious hacking tournament where security experts receive money and recognition for discovering critical vulnerabilities in popular products — before cybercriminals do. Participants are given limited time to "capture" devices, apps, and systems using weaknesses that manufacturers are not yet aware of. Successful hacks can earn participants both industry fame and substantial cash prizes. This year, the total prize pool exceeds one million dollars.
On May 15, during the first day of the Berlin event, three participants successfully hacked Windows 11 by escalating privileges to the system administrator level. This means they could have gained full control over a victim’s device. Researcher Chen Le Qi from STARLabs SG earned $30,000 for combining a use-after-free vulnerability with an integer overflow exploit. Polish expert Marcin Węgrzowski also received $30,000 for exploiting an out-of-bounds write vulnerability. An additional $15,000 was awarded to Hyeongjin Choi from the Out Of Bounds team, who used a type confusion vulnerability.
Despite the negative connotation often associated with the word "hacker," these specialists play a crucial role in cybersecurity — thanks to them, vulnerabilities become known to manufacturers before malicious actors can exploit them. For example, in previous Pwn2Own events, researchers successfully hacked Tesla vehicles and Samsung smartphones, helping companies patch potential security holes.
Microsoft has yet to comment on the new discoveries, but based on past experience, all identified vulnerabilities will likely be fixed in upcoming updates.
