Security News
Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. "We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward." -Zerodium.
Exploit broker Zerodium has announced a pay jump to $400,000 for zero-day vulnerabilities that allow remote code execution in the Microsoft Outlook email client. Zerodium's regular bounty for an RCE vulnerability in Microsoft Outlook for Windows is $250,000, expected to be "Accompanied by a fully functional and reliable exploit."
Microsoft has fixed a known issue causing search issues for Outlook users after installing Windows 10 security updates released since November 2021. While a fix for the Outlook search issue is already rolling out to all impacted Windows 10 devices, Microsoft says it's still "Working on a resolution and will provide an update in an upcoming release" for affected Windows 11 systems.
Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that leads to search issues in Outlook for Microsoft 365. "After you install update KB5008212, recent emails may not appear in search results," Microsoft explained in a recently published Office support document.
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access. "The particular danger with Owowa is that an attacker can use the module to passively steal credentials from users who are legitimately accessing web services," he explained.
A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook. To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
Microsoft has shared a solution for Outlook users who have been experiencing search issues after upgrading to Windows 11. "This issue will happen with any account where the emails and other items are stored locally in PST or OST files such as POP and IMAP accounts," Microsoft says on its list of recent issues impacting Outlook for PC. "For Exchange and Microsoft 365 hosted accounts, this issue will affect offline search for the data in the locally stored OST files."
Microsoft has released the optional KB5005611 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes bugs in Microsoft Outlook and makes it easier to mitigate the PrintNightmare vulnerability. This cumulative update is part of Microsoft's September 2021 monthly "C" update, allowing Windows users to test the upcoming fixes before they are automatically deployed in the forthcoming October 2021 Patch Tuesday.