On the first day of Pwn2Own Berlin 2026, three independent research teams demonstrated three separate ways to escalate from a standard user to SYSTEM on Windows 11. Each used a distinct vulnerability class. All three were previously unknown. None will be patched until sometime in the next 90 days.
The security industry’s response to this will be: vendors will patch these bugs. The vulnerability management industry will add them to tracking dashboards when CVEs are assigned. Enterprises will patch them on the next available Patch Tuesday or the following month. It’s a mature, well-understood process.
What the process doesn’t answer is the more uncomfortable question: if three independent research teams can each find a separate unpublished Windows LPE and demonstrate it in a competition setting, how many Windows LPEs are currently known to adversaries who didn’t disclose them at Pwn2Own?
What Pwn2Own Actually Demonstrates
Pwn2Own is a controlled disclosure event. Researchers must register their exploits, demonstrate them to judges, and then hand over all technical details to the vendor. The prize money compensates researchers for the lost exploit value.
The implicit premise of the whole system — that researchers who find these bugs will sell them to ZDI rather than to exploit brokers or offensive cyber programmes — relies on economics. ZDI pays well. But offensive cyber programmes and exploit brokers pay more, for bugs that go undisclosed. Pwn2Own gives us visibility into the bugs that were sold to the vendor disclosure programme. It is a lower bound on the total number of high-value bugs that exist.
Three LPEs in Windows 11 in one competition day is not unusual. It is consistent with Pwn2Own history. Windows is a large, complex codebase, and the kernel-mode attack surface has always been broad. None of this is a surprise to anyone who follows vulnerability research. What is worth asking is what the enterprise response should be to that baseline fact: that Windows, Edge, VMware, and the virtualisation software in use across enterprise environments are breakable by skilled researchers, on a regular basis, with independent exploit chains.
The Patching-as-Response Problem
The standard enterprise response to Pwn2Own findings is to add the eventual CVEs to the vulnerability management backlog and patch them on the standard cycle. This response treats Pwn2Own results as a slower version of Patch Tuesday — more bugs to patch eventually.
But that framing misses what Pwn2Own reveals about the defensive posture question. The question is not only “will I patch these specific bugs?” It is “what is my posture against LPEs in Windows that I don’t know about yet, in the period between when an adversary finds them and when a researcher discloses them through a legitimate channel?”
That period can be months or years. EternalBlue (MS17-010) was patched in March 2017 — the NSA had been using it for years before that. Several of the Exchange vulnerabilities that drove the 2021 mass exploitation wave were known to nation-state actors before their CVE assignments. Pwn2Own demonstrates that bugs exist and are findable; the known-to-adversary timeline is always ahead of the known-to-defender timeline.
What a Pwn2Own Result Should Actually Change
The reasonable enterprise response to Pwn2Own is not to update the patch backlog. It is to treat Pwn2Own results as a regular reminder that your layered defence needs to work against an adversary who has achieved a foothold and has an LPE.
That means asking: what stops an attacker who has a low-privilege shell on a Windows machine from reaching SYSTEM, from there reaching a domain controller, and from there reaching everything? If the answer is “we rely on endpoint protection to detect the LPE attempt”, note that Pwn2Own bugs are routinely demonstrated against fully patched, fully AV-equipped systems. If the answer is “we rely on not being targeted”, three separate LPEs in one day suggests the supply of available exploits is not the constraint for a determined attacker.
Endpoint hardening, application control, credential segmentation, and network segmentation don’t depend on knowing the specific LPE that will be used. Pwn2Own Day 1 results are a prompt to test whether those controls actually hold — not to add five new items to the vulnerability management queue.
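As an added illustration (not part of the original article), the following read-only PowerShell check reports whether the kind of layered controls named above are actually enforced on a Windows 11 host, i.e. the controls that should still hold once an attacker has SYSTEM. It assumes an elevated session and relies only on the documented Win32_DeviceGuard class, the LSA registry key and the local Administrators group; the "Domain Admins in local Administrators" check is a heuristic for poor credential segmentation, not a complete tiering audit.

```powershell
# Added example: posture check for post-LPE defences (assumes elevated session on Windows 11).
function Get-PostLpePosture {
    $result = [ordered]@{}

    # LSA running as a protected process (RunAsPPL = 1 or 2) stops ordinary
    # credential dumping from a SYSTEM shell that does not bring a kernel driver.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $result['LsaProtection'] = [bool]($lsa -and $lsa.RunAsPPL -ge 1)

    # Virtualization-based security: SecurityServicesRunning contains 1 for
    # Credential Guard and 2 for HVCI. Both move secrets and kernel code
    # integrity behind the hypervisor, out of reach of a SYSTEM-level attacker.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $running = @()
    if ($dg) { $running = @($dg.SecurityServicesRunning) }
    $result['CredentialGuard'] = [bool]($running -contains 1)
    $result['HVCI']            = [bool]($running -contains 2)

    # Application control: user-mode WDAC enforcement status
    # (0 = off, 1 = audit only, 2 = enforced). Only "enforced" blocks anything.
    $result['WdacEnforced'] = [bool]($dg -and $dg.UsermodeCodeIntegrityPolicyEnforcementStatus -eq 2)

    # Credential segmentation heuristic: Domain Admins should not be local
    # admins on workstations, or a single LPE plus a DA logon reaches the domain.
    $members = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)
    $daPresent = $members | Where-Object { $_.Name -like '*\Domain Admins' }
    $result['DomainAdminsNotLocalAdmin'] = -not [bool]$daPresent

    [pscustomobject]$result
}

# Report each control and flag the ones that would not hold against an attacker
# who already has an LPE; the exit code lets this run from a scheduled audit.
$posture = Get-PostLpePosture
$posture | Format-List
$failed = ($posture.PSObject.Properties | Where-Object { -not $_.Value }).Name
if ($failed) {
    Write-Warning ("Controls not enforced: " + ($failed -join ', '))
    exit 1
}
```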
The bugs will be patched. That’s not the lesson.