Zero-day flaws for Microsoft Outlook RCE are now on the market for $400,000

By David Artykov. Published in Purple Team, Jan 30, 2022.

Zerodium, an exploit broker, has increased its payout for zero-day flaws that enable remote code execution (RCE) in the Microsoft Outlook email client to $400,000. The new payout is temporary, according to the company, but the deadline for submissions has yet to be announced.

The standard bounty for an RCE bug in Microsoft Outlook for Windows is $250,000, with “a fully working and trustworthy exploit” required. For $400,000, Zerodium is looking for an attack that allows remote code execution without user involvement, or “zero-click,” when Microsoft’s email client receives or downloads messages.

“We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment.” — Zerodium

The organization isn’t offering this prize for exploits that require opening or reading an email; however, the contributor will receive a smaller, unspecified reward. Zerodium also reminds users that it is still paying up to $200,000 for exploits that lead to remote code execution in Mozilla Thunderbird, which it has been doing…
