What you need to know
- Exploit acquisition platform Zerodium has temporarily increased its bounty for Microsoft Outlook zero-click remote code executions from $250,000 to $400,000.
- These types of exploits can attack a target without requiring interaction such as reading an email or opening an attachment.
- Zerodium's customers are government institutions that are primarily in North America and Europe.
Zerodium, an exploit acquisition platform, has increased its payout for Microsoft Outlook zero-click remote code executions (RCEs) from $250,000 to $400,000. The increase is a temporary measure to obtain zero-click exploits that can attack PCs and networks without requiring user interaction. Zerodium outlines the change on its limited-time bug bounties page.
Some attacks, such as phishing scams, only work if the target interacts with them, for example by opening an email or an email attachment. Zero-click exploits do not require interaction, making them more dangerous.
"We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000," explains Zerodium. "We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward."
Zerodium specializes in zero-day exploits and security research. Its customers are government institutions that are primarily in North America and Europe.
The increased payout for Microsoft Outlook zero-click RCEs began on January 27, 2022, but does not have a definitive end date.
Microsoft also has a list of bounty payouts ranging up to $250,000. Microsoft paid $13.6 million for bug bounties between July 2020 and July 2021.