Three critical zero-day exploits against Microsoft products were demonstrated on May 14 and 15 at Pwn2Own Berlin 2026, held alongside OffensiveCon. Security researchers successfully compromised Microsoft Edge (a sandbox escape), elevated privileges on a fully patched Windows 11 system, and achieved remote code execution on Microsoft Exchange Server. Each exploit earned a six-figure payout as part of the Zero Day Initiative’s vulnerability acquisition program, triggering immediate coordinated disclosure and starting the 120-day countdown for Microsoft to deliver patches.
Edge Sandbox Escape Breaks the Browser’s Primary Defense
One of the most technically impressive demonstrations came against Microsoft Edge, where a team of researchers chained multiple vulnerabilities to escape the browser’s hardened sandbox. Edge, based on Chromium, employs a multi-process architecture that isolates web content in a restricted environment. Escaping that sandbox allows an attacker to execute arbitrary code on the underlying operating system with the user’s privileges.
The exploit relied on a memory corruption bug in the JavaScript engine coupled with a logic flaw in the sandbox’s IPC (interprocess communication) mechanism. After convincing a target to visit a malicious webpage, the researchers gained code execution outside the sandbox in under three seconds. The specific details of the vulnerabilities were immediately disclosed to Microsoft under the ZDI’s coordinated disclosure policy, and no technical write-ups will be published until patches are available.
Sandbox escapes are a rare breed at Pwn2Own. Over the past five years, fewer than ten such exploits have been demonstrated across all major browsers. This one was particularly notable because it bypassed Edge’s enhanced security controls, including Arbitrary Code Guard (ACG) and Control Flow Guard (CFG), which had successfully thwarted similar attempts in previous contests.
The payout for this achievement was $150,000, reflecting the difficulty and real-world impact. Had the researchers also achieved SYSTEM-level code execution—typically the next step after a sandbox escape—the reward could have risen to $250,000.
Windows 11 LPE Gives Attackers Full Control
A second team demonstrated a local privilege escalation (LPE) against Windows 11 24H2, the latest feature update available at the time of the contest. Starting from a standard user account, the exploit leveraged a race condition in the kernel’s handling of driver I/O requests, allowing arbitrary read/write in kernel memory. Within five seconds, the researchers had escalated to SYSTEM integrity level—the highest privilege on Windows.
LPE bugs are a staple at Pwn2Own because they are a critical link in the attack chain. An attacker might combine a remote code execution exploit (which often grants limited user rights) with an LPE to completely own a machine. The demonstrated exploit required no prior knowledge of the target’s credentials and worked reliably across multiple hardware configurations.
Microsoft has invested heavily in kernel hardening over the years, including Virtualization-Based Security (VBS), hypervisor-protected code integrity (HVCI), and Kernel Data Protection (KDP). Yet determined researchers continue to find gaps. The bug class—TOCTOU (time-of-check to time-of-use) in a device driver—has been a recurring theme, underscoring the challenge of auditing thousands of drivers that ship with Windows.
The LPE earned $60,000, a standard reward for a quality escalation proof-of-concept. ZDI noted that this particular report included a detailed root cause analysis and a proposed fix, which often speeds the vendor’s response.
Exchange RCE Puts On-Premises Servers at Immediate Risk
Perhaps the most alarming exploit came on the second day: an unauthenticated remote code execution (RCE) against Microsoft Exchange Server 2019. The researchers sent a single crafted HTTP request to the Exchange Control Panel (ECP) endpoint, bypassing authentication entirely and executing code as SYSTEM.
The exploit did not require any user interaction and could be weaponized to install ransomware, exfiltrate email, or establish persistence. The vulnerability resided in a deserialization flaw within the Exchange backend, similar in nature to the ProxyLogon and ProxyShell families that caused widespread exploitation in 2021 and 2022.
Exchange Server vulnerabilities are a red alert for enterprises because on-premises Exchange deployments are often exposed to the internet and house sensitive communications. Despite Microsoft’s repeated guidance to apply patches immediately and segment Exchange from the internet, many organizations lag behind. A working exploit demonstrated at Pwn2Own is practically a guarantee that threat actors will reverse-engineer it once patches are released—or sooner if details leak.
The payout for this demonstration was $200,000, making it the second-highest single reward of the contest. ZDI confirmed that the vulnerability was previously unknown and affected all supported Exchange versions at the time.
Six-Figure Payouts and the Economics of Zero-Day Research
Across the two days, Microsoft-related exploits alone earned researchers over $450,000. The Zero Day Initiative, run by Trend Micro, operates Pwn2Own as both a showcase of offensive security skill and a marketplace for purchasing zero-day vulnerabilities. By paying researchers directly, ZDI obtains exclusive rights to the vulnerability details and immediately reports them to the affected vendor, starting the clock on a mandatory fix.
Payout amounts are scaled based on the product category, attack vector, and impact. Browser sandbox escapes, virtualization guest-to-host escapes, and full-chain exploits command the highest bounties. The table below shows the reward structure for Microsoft targets at the event:
| Vulnerability Category | Payout (Single Bug) | Payout (Full Chain) |
|---|---|---|
| Browser renderer RCE | $80,000 | $150,000 |
| Sandbox escape | $150,000 | $250,000 (combined) |
| Local privilege escalation | $60,000 | n/a |
| Exchange RCE (unauthenticated) | $200,000 | n/a |
| Hypervisor guest-to-host escape | $250,000 | $450,000 |
Despite the high payouts, purchasing vulnerabilities is a cost-effective defense for vendors. A single zero-day sold on the black market can fetch millions, and the downstream cost of incidents like Exchange mass-exploitation events often runs into the billions. The Pwn2Own model incentivizes responsible disclosure while giving defenders a head start.
The Patch Clock: What Happens Next
Under ZDI’s responsible disclosure policy, Microsoft now has 120 days to develop and release security updates that address these vulnerabilities. If Microsoft fails to patch within that timeframe, ZDI may publish limited technical details as a zero-day advisory, but historically Microsoft has treated Pwn2Own reports with high urgency.
The three exploits disclosed at Berlin 2026 will likely result in CVEs and appear in the next several Patch Tuesday releases. Given the severity—especially the Exchange RCE—expect an out-of-band patch for Exchange if exploitation in the wild is detected before the regular cycle. Microsoft’s Security Response Center (MSRC) acknowledged the reports and confirmed they will follow the standard coordinated disclosure process.
For enterprise defenders, the immediate recommendations include:
- Monitor the Microsoft Security Response Center blog and Patch Tuesday notes for CVE assignments and deployment guidance.
- Review Exchange server exposure and enforce strict network segmentation and multi-factor authentication.
- Deploy Windows 11 security features like VBS and Credential Guard to raise the bar for privilege escalation, even if not foolproof.
- Migrate to Edge’s latest stable channel and enable Enhanced Security mode to reduce attack surface.
- Validate that security solutions can detect post-exploitation activity such as unexpected process creation from SYSTEM accounts.
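The last recommendation is the one defenders can act on before any patch ships, so here is an added example of what such a check looks like in practice. It is not code from the article, ZDI, or Microsoft. It runs two rules over constructed Windows 4688-style process-creation records (JSON lines, simplified fields, not real telemetry): a SYSTEM-level child spawned by an internet- or user-facing parent (the IIS worker `w3wp.exe` that hosts Exchange's ECP endpoint, or the `msedge.exe` browser process), and an interpreter such as `cmd.exe` or `powershell.exe` running as SYSTEM under a parent that is not a known service launcher. The parent and interpreter sets are assumptions to be tuned per environment, not a vendor-supplied list.

```python
import json
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Iterable, List

SYSTEM_SID = "S-1-5-18"  # NT AUTHORITY\SYSTEM

# Assumption: processes that should never be the parent of a SYSTEM-level child.
# w3wp.exe is the IIS worker hosting Exchange web endpoints such as ECP; a browser
# process has no legitimate reason to spawn SYSTEM children either.
EXPOSED_PARENTS = {"w3wp.exe", "msedge.exe"}

# Assumption: interpreters whose appearance under SYSTEM deserves a closer look.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Assumption: parents that legitimately launch SYSTEM interpreters (service control
# manager, service hosts running scheduled tasks). Tune this to your environment.
TRUSTED_SYSTEM_PARENTS = {"services.exe", "svchost.exe", "wininit.exe"}

# Constructed sample events (not real telemetry). Fields are a simplified view of
# 4688: the new process image, its parent image, and the SID it runs as.
SAMPLE_EVENTS = r"""
{"id": 1, "parent": "C:\\Windows\\System32\\services.exe", "image": "C:\\Windows\\System32\\svchost.exe", "sid": "S-1-5-18", "cmd": "svchost.exe -k netsvcs"}
{"id": 2, "parent": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "image": "C:\\Windows\\System32\\cmd.exe", "sid": "S-1-5-18", "cmd": "cmd.exe /c whoami"}
{"id": 3, "parent": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "sid": "S-1-5-21-1000-2000-3000-1001", "cmd": "msedge.exe --type=renderer"}
{"id": 4, "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\cmd.exe", "sid": "S-1-5-21-1000-2000-3000-1001", "cmd": "cmd.exe"}
{"id": 5, "parent": "C:\\Windows\\System32\\svchost.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "sid": "S-1-5-18", "cmd": "powershell.exe -File C:\\Scripts\\nightly.ps1"}
{"id": 6, "parent": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "image": "C:\\Windows\\System32\\cmd.exe", "sid": "S-1-5-18", "cmd": "cmd.exe /c whoami"}
{"id": 7, "parent": "C:\\Windows\\Temp\\updater.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "sid": "S-1-5-18", "cmd": "powershell.exe -nop -w hidden"}
"""


@dataclass(frozen=True)
class Alert:
    event_id: int
    rule: str
    parent: str
    image: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, host-OS independent."""
    return PureWindowsPath(path).name.lower()


def evaluate(event: dict) -> List[Alert]:
    """Apply both rules to one event; only SYSTEM-level children are of interest."""
    alerts: List[Alert] = []
    if event["sid"] != SYSTEM_SID:
        return alerts
    parent = basename(event["parent"])
    image = basename(event["image"])
    if parent in EXPOSED_PARENTS:
        alerts.append(Alert(event["id"], "system_child_of_exposed_parent", parent, image))
    if image in INTERPRETERS and parent not in TRUSTED_SYSTEM_PARENTS:
        alerts.append(Alert(event["id"], "system_interpreter_untrusted_parent", parent, image))
    return alerts


def scan(lines: Iterable[str]) -> List[Alert]:
    """Parse JSON-lines process-creation records and collect alerts in input order."""
    alerts: List[Alert] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        alerts.extend(evaluate(json.loads(line)))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS.splitlines()):
        print(f"event {alert.event_id}: {alert.rule} ({alert.parent} -> {alert.image})")
```

Events 2 and 6 trip both rules (a SYSTEM shell under the Exchange worker and under the browser, respectively, which is the shape of the Exchange RCE and of an Edge escape chained with an LPE), event 7 trips only the second, and the legitimate service-host and user-shell events stay quiet. Real 4688 events require process-creation auditing to be enabled and carry the creator and target accounts in separate fields, so map those to `sid` before pointing the rules at production logs.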
OffensiveCon and the Expanding Pwn2Own Franchise
Pwn2Own Berlin 2026 was held in conjunction with OffensiveCon, a community-driven security conference known for its deep technical talks and workshops. The venue attracted a global audience of researchers, red-team operators, and blue-team analysts. This marks the third year that the ZDI has partnered with OffensiveCon to host a Pwn2Own event in Europe, complementing the flagship contests in Vancouver and Tokyo.
The next Pwn2Own event will take place at Black Hat USA in Las Vegas, where Microsoft products will again be in the crosshairs—alongside industrial control systems, virtualization platforms, and automotive targets.
A Persistent Reality: No Software Is Immune
The results from Berlin reinforce an uncomfortable truth: even the most fortified software products contain exploitable weaknesses. Edge’s sandbox, Windows 11’s kernel defenses, and Exchange’s security improvements all fell to skilled adversaries within contest time limits. These are not theoretical exercises—they represent what well-resourced attackers can achieve.
For Microsoft, the feedback loop from Pwn2Own is invaluable. Each successful exploit uncovers not just a single bug but often a class of issues that prompt broader architectural changes. The introduction of ACG and CFG, for instance, was partly a response to browser exploitation trends seen at earlier contests. Similarly, the move toward Exchange Server hardening in recent cumulative updates can be traced to vulnerabilities disclosed through the ZDI program.
For users and administrators, the message is clear: patch aggressively, assume breach, and design defenses in depth. The 120-day clock is ticking, but the window for real-world exploitation could be much shorter if attackers uncover these same bugs independently—or if exploit code leaks prematurely.
As the contest closed and researchers collected their checks, attention turned to Microsoft’s engineering teams in Redmond. The exploits are now in their hands, and the countdown to Patch Tuesday has begun. How quickly they can respond will determine whether these demonstrations remain controlled exercises or become the next wave of in-the-wild attacks.