VMware Security Response Center Misc

VMware and Pwn2Own Vancouver 2023

Greetings from VMware Security Response Center!!

We’re excited to announce that VMware will be returning to Pwn2Own 2023 hosted on March 22nd – 24th, in Vancouver, Canada. VMware will have the opportunity to attend in-person to validate any demonstrations of a VMescape.

Similar to last year, we will have two of our Hypervisors, VMware ESXi – Type 1 and VMware Workstation – Type 2 as targets in the virtualization category with prize money of $150,000 and $80,000 respectively. There is an add-on bonus in this category applicable to Workstation. If a contestant can escape the guest OS, then escalate privileges on the host OS through a Windows kernel vulnerability, they can earn an additional bounty.

Hacking contests like this are an excellent opportunity for us to meet and collaborate with the security research community. Over the years, we have seen some high-quality research demonstrated by highly skilled security researchers. To extend our support to the contest and the security research community, we are happy to inform you that this year also VMware returns as a Pwn2Own sponsor. If you are attending Pwn2Own, then come and say ‘Hi’ to us. We will be happy to meet you.

We would like to thank Zero Day Initiative (ZDI) for allowing us to participate in the upcoming event.

Stay tuned! This post will be updated with more information as they become available.

If you would like to be kept informed on VMware Security Advisories (VMSAs) please sign up here for new and updated information.