
Pwn2Own Berlin Day 2: Zero-Days Demonstrated in Microsoft Exchange, Windows 11, and RHEL

During Pwn2Own Berlin 2026 Day 2, researchers successfully exploited 15 unique zero-day vulnerabilities across multiple products. Key targets included Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux for Workstations, demonstrating critical security flaws in these widely deployed systems.

This report was researched and drafted by an AI agent and reviewed by a human analyst prior to publication.

Overview

On the second day of Pwn2Own Berlin 2026, security researchers successfully demonstrated 15 distinct zero-day exploits against various enterprise and desktop products. The demonstrations expose critical, previously unknown vulnerabilities in Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux for Workstations, which pose significant risk to organizations running these platforms.

Technical Analysis

  • During Pwn2Own Berlin 2026 Day 2, 15 unique zero-day vulnerabilities were exploited across various targets.
  • Successful exploits specifically targeted Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux for Workstations.
  • Specific exploit details, including CVE IDs, attack vectors, and affected version ranges, are not publicly available at the time of writing. This information is typically withheld to allow vendors time to develop and release patches.
  • Vulnerabilities demonstrated at Pwn2Own typically yield remote code execution, privilege escalation, or denial of service, so the impact of these findings should be assumed to be severe until vendor advisories state otherwise.

Detection

  • Monitor Microsoft Exchange server logs for unusual process execution, unauthorized access attempts, or unexpected service restarts.
  • Implement robust logging and auditing on Windows 11 endpoints to detect anomalous user behavior, privilege escalation attempts, or suspicious network connections.
  • For Red Hat Enterprise Linux systems, monitor auditd logs for unauthorized file modifications, new user creation, or unusual process activity.
  • Focus on behavioral anomalies rather than signature-based detection, given the zero-day nature of these vulnerabilities.
  • Ensure Endpoint Detection and Response (EDR) solutions are configured for maximum visibility and alerting on critical systems.
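The RHEL bullet above lists three behaviours to watch for in auditd logs. The script below is an added example (not part of this report or of any vendor tooling) that parses a small constructed set of audit records and applies three behavioural rules: account creation, write access to an identity file, and execution of a binary from a world-writable directory. It assumes the host has audit rules keyed "identity" (for example a watch on /etc/sudoers) and "exec" (an execve rule), and it uses x86_64 syscall numbers; the sample log lines are constructed, not taken from any real system.

```python
import re
from dataclasses import dataclass

# Constructed sample auditd records for a RHEL-style host (not from any real system).
# Assumed audit rules: "-w /etc/sudoers -p wa -k identity" and
# "-a always,exit -F arch=b64 -S execve -k exec"; syscall numbers below are x86_64.
SAMPLE_AUDIT_LOG = """\
type=ADD_USER msg=audit(1700000001.100:201): pid=4321 uid=0 auid=1000 ses=2 msg='op=add-user id=1001 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=SYSCALL msg=audit(1700000002.200:202): arch=c000003e syscall=257 success=yes exit=3 ppid=4300 pid=4322 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="identity"
type=PATH msg=audit(1700000002.200:202): item=0 name="/etc/sudoers" inode=1234 mode=0100440 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000003.300:203): arch=c000003e syscall=59 success=yes exit=0 ppid=4300 pid=4323 auid=1000 uid=1000 comm="x" exe="/tmp/.x" key="exec"
type=SYSCALL msg=audit(1700000004.400:204): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=4324 auid=4294967295 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="exec"
"""

EVENT_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\)")
KV_RE = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)")
EXECVE_X86_64 = "59"          # syscall numbers are architecture-specific
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass
class Finding:
    serial: str   # audit event serial, usable to pivot back to the raw records
    rule: str
    detail: str


def parse_record(line: str) -> dict:
    """Turn one audit line into a flat dict; nested msg='...' payloads are merged in."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] in "\"'" and value[-1] == value[0]:
            value = value[1:-1]
            if key == "msg":              # ADD_USER/USER_* records carry a nested k=v block
                fields.update(parse_record(value))
                continue
        fields[key] = value
    m = EVENT_RE.search(line)
    if m:
        fields["serial"] = m.group("serial")
        fields["ts"] = m.group("ts")
    return fields


def detect(log_text: str) -> list[Finding]:
    """Group records by event serial (SYSCALL + PATH share one) and apply three rules."""
    events: dict[str, list[dict]] = {}
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_record(line)
            events.setdefault(rec.get("serial", "?"), []).append(rec)

    findings = []
    for serial, recs in sorted(events.items(),
                               key=lambda kv: int(kv[0]) if kv[0].isdigit() else -1):
        by_type = {r.get("type"): r for r in recs}
        paths = [r["name"] for r in recs if r.get("type") == "PATH" and "name" in r]

        # Rule 1: account creation (useradd reports this through the audit API as ADD_USER)
        add = by_type.get("ADD_USER")
        if add and add.get("res") == "success":
            findings.append(Finding(serial, "new-user",
                f"uid {add.get('id')} created by {add.get('exe')} (auid={add.get('auid')})"))

        sc = by_type.get("SYSCALL")
        # Rule 2: access to an identity file, keyed by the assumed 'identity' watch rule
        if sc and sc.get("key") == "identity":
            findings.append(Finding(serial, "identity-file-write",
                f"{sc.get('exe')} opened {', '.join(paths) or '<path not logged>'} "
                f"(auid={sc.get('auid')})"))
        # Rule 3: execve of a binary that lives in a world-writable directory
        if sc and sc.get("syscall") == EXECVE_X86_64 and sc.get("exe", "").startswith(WORLD_WRITABLE):
            findings.append(Finding(serial, "suspicious-exec",
                f"{sc.get('exe')} executed by uid {sc.get('uid')} (auid={sc.get('auid')})"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_AUDIT_LOG):
        print(f"[{f.rule}] event {f.serial}: {f.detail}")
```

Each finding carries the audit serial, so an analyst can pull every record of that event with `ausearch -a <serial>` for context; the auid field (the original login identity, which survives su/sudo) is what to pivot on when tracing who performed the action. The rules are deliberately behavioural rather than signature-based, matching the guidance above for zero-day conditions.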

Mitigations

  1. Monitor Vendor Advisories: Closely track security advisories from Microsoft and Red Hat for patches related to these Pwn2Own discoveries. Apply patches immediately upon release.
  2. Least Privilege: Enforce the principle of least privilege for all users and services on affected systems to limit potential damage from successful exploitation.
  3. Network Segmentation: Isolate critical Exchange servers and RHEL workstations from less trusted network segments to limit potential lateral movement.
  4. Endpoint Hardening: Implement security baselines (e.g., CIS Benchmarks) for Windows 11 and RHEL to reduce the overall attack surface.
  5. Application Whitelisting: Consider application whitelisting on critical systems to prevent the execution of unauthorized binaries.

References

  • https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/

Indicators of Compromise

No public IOCs available at time of writing.

AI Attribution

Generated by gemini-2.5-flash (940 input / 762 output tokens). Reviewed and approved by a human analyst before publication.