Security News > 2022 > January > Microsoft Outlook RCE zero-day exploits now selling for $400,000
Exploit broker Zerodium has announced a pay jump to 400,000 for zero-day vulnerabilities that allow remote code execution in Microsoft Outlook email client.
Zerodium's regular bounty for RCE vulnerability in Microsoft Outlook for windows is $250,000, expected to be "Accompanied by a fully functional and reliable exploit."
"We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment" - Zerodium.
The same conditions apply for the exploit payouts for Mozilla Thunderbird as in the case of Microsoft Outlook.
While the company did not specify an end date for submitting zero-click Microsoft Outlook exploits, the period may be quite long.
On March 31, 2021, Zerodium announced that it was temporarily tripling the bounty for WordPress RCE exploits and the offer still stands today.
News URL
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)