Security News > 2022 > January > Microsoft Outlook RCE zero-day exploits now selling for $400,000
Exploit broker Zerodium has announced a pay jump to $400,000 for zero-day vulnerabilities that allow remote code execution in the Microsoft Outlook email client.
Zerodium's regular bounty for an RCE vulnerability in Microsoft Outlook for Windows is $250,000, with submissions expected to be "accompanied by a fully functional and reliable exploit."
"We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment" - Zerodium.
The same conditions apply to exploit payouts for Mozilla Thunderbird as for Microsoft Outlook.
While the company did not specify an end date for submitting zero-click Microsoft Outlook exploits, the period may be quite long.
On March 31, 2021, Zerodium announced that it was temporarily tripling the bounty for WordPress RCE exploits, and the offer still stands today.