web analytics
Home » Technology » Microsoft » Vulnerabilities in Microsoft Outlook Drive Pricing for Zero-Day Exploits

Vulnerabilities in Microsoft Outlook Drive Pricing for Zero-Day Exploits


The latest waves of attacks on Outlook vulnerabilities are now having further ramifications: Exploit broker Zerodium has announced it will increase its payout for zero-day vulnerabilities that allow remote code execution in Outlook to $400,000. This is according to a report from the company. So far, Zerodium has only confirmed plans to increase the payout for zero-day vulnerabilities related to Outlook to $400,000 for a period of time. However, it is not yet known how long this new prize will be used as a reward for disclosing vulnerabilities.

So far, the company has paid up to $250,000

Previously, Zerodium rewards for RCE vulnerabilities in Microsoft Outlook were capped at $250,000. For $400,000, Zerodium now expects an exploit that allows remote code execution without any interaction, known as a “zero-click exploit,” when Microsoft’s email client receives or downloads messages.
The new ‘One Outlook’ could look something like this – Source: Windows Central

Zero-click exploit expected

The company expects a fully functional and reliable exploit to be included: “We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits that can be used when receiving/downloading email. emails in Outlook Remote code execution without any user interaction, such as reading the malicious email or opening an attachment,” Zerodium writes. The company does not exclude a bounty for exploits that require opening or reading an email, in which case the senders will receive a lower, undisclosed payout. The $400,000 figure is a huge increase, but also reasonable considering the issues that vulnerabilities in Outlook have caused in the past. Moreover, Zerodium paid the same price for similar exploits of Google Chrome. The company also increased the payout for an exploit that would allow remote code execution in Mozilla Thunderbird. There is currently $200,000 for this. See also: logo, office, email, office 365, mail, outlook, microsoft office, microsoft 365, microsoft 365 for business, microsoft outlook, outlook mail, microsoft mail, outlook mobile