

Microsoft Outlook RCE zero-day exploits now selling for $400,000



Exploit broker Zerodium has announced a pay jump to $400,000 for zero-day vulnerabilities that allow remote code execution (RCE) in the Microsoft Outlook email client.

The new payout is not permanent, the company says in a short tweet, but the end date for submissions is still to be disclosed.

Zero-click exploits expected

Zerodium’s regular bounty for an RCE vulnerability in Microsoft Outlook for Windows is $250,000, expected to be “accompanied by a fully functional and reliable exploit.”

For $400,000, Zerodium is awaiting an exploit that achieves remote code execution without any interaction, the so-called ‘zero-click,’ when Microsoft’s email client is receiving or downloading messages.

“We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment” – Zerodium

The company is not ruling out a bounty for exploits that require an email to be opened or read, although the submitter will get a lower, undisclosed payout.

Zerodium also points out that it currently offers up to $200,000 for exploits leading to remote code execution in Mozilla Thunderbird, the same amount offered since 2019.

The same conditions apply for the exploit payouts for Mozilla Thunderbird as in the case of Microsoft Outlook. An RCE in an email client would grant attackers access to all available accounts.


While the company did not specify an end date for submitting zero-click Microsoft Outlook exploits, the period may be quite long.

On March 31, 2021, Zerodium announced that it was temporarily tripling the bounty for WordPress RCE exploits and the offer still stands today.

The regular payout for an exploit in the most popular open-source content management system (CMS) is $100,000.

At the moment, only WordPress, Mozilla Thunderbird, and Microsoft Outlook are listed as active on the page with temporarily increased bounties.

Recently expired temporary offers are for RCE and sandbox escape in Google Chrome (both up to $400,000), and RCE in VMware vCenter server (up to $150,000).
