Security News > 2022 > January > Microsoft Outlook RCE zero-day exploits now selling for $400,000
Exploit broker Zerodium has announced a pay jump to 400,000 for zero-day vulnerabilities that allow remote code execution in Microsoft Outlook email client.
Zerodium's regular bounty for RCE vulnerability in Microsoft Outlook for windows is $250,000, expected to be "Accompanied by a fully functional and reliable exploit."
"We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment" - Zerodium.
The same conditions apply for the exploit payouts for Mozilla Thunderbird as in the case of Microsoft Outlook.
While the company did not specify an end date for submitting zero-click Microsoft Outlook exploits, the period may be quite long.
On March 31, 2021, Zerodium announced that it was temporarily tripling the bounty for WordPress RCE exploits and the offer still stands today.
News URL
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Microsoft fixes bug causing Outlook freezes when copying text (source)
- Microsoft fixes bug causing Outlook to freeze when copying text (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)