Zerodium announces $400,000 payout for Microsoft Outlook Zero-Click RCE security vulnerability

• Click to enter:ChatGPT tool plug-in navigation

Zerodium is a security vulnerability exploitation supplier. Earlier today Time announced that it is increasing bounty payouts for Microsoft Outlook Zero-Click Remote Code Execution (RCE) by 60% to $400,000 from the previous $250,000.

Zero-click attacks are particularly dangerous because they require no user interaction at all to deliver the malicious payload to a potential victim’s device. Zerodium noted, however, that the increase in payout was "temporary," meaning the decision could be revised later.

Here is the full announcement:

We are temporarily increasing payouts for Microsoft Outlook RCE from $250,000 to $400,000. We are looking for zero-click vulnerabilities that lead to remote code execution when receiving/downloading emails in Outlook without any user interaction, such as reading the malicious email or opening an attachment. Exploits that rely on opening/reading emails may receive lower rewards.

In related Outlook news, Microsoft's One Outlook Project Monarch has apparently been delayed, but it's reportedly still making progress.

Alongside Microsoft’s Outlook payments announcement, Zerodium also announced Mozilla’s Thunderbird platform with a $200,000 bounty.

We are looking for zero-click vulnerabilities that affect Thunderbird and lead to remote code execution when receiving/downloading an email, without any user interaction such as reading the malicious email or opening an attachment. Exploits that rely on opening/reading emails may receive lower rewards.

The above is the detailed content of Zerodium announces $400,000 payout for Microsoft Outlook Zero-Click RCE security vulnerability. For more information, please follow other related articles on the PHP Chinese website!