Microsoft will increase the payout for certain bugs by $400,000 for a limited time


Published on January 28, 2022


Key notes

Exploit acquisition platform Zerodium has increased its payout for zero-click RCEs in Microsoft Outlook from $250,000 to $400,000.

Zero-click exploits let attackers compromise PCs and networks without requiring user interaction. One company that buys such exploits, Zerodium, outlines the change on its limited-time bug bounties page.

Set off the exploit

Some cyberattacks, such as phishing emails or instant messages, require people to interact with an attack in order to set off the exploit. Zero-click exploits do not require interaction, making them even more dangerous.

“We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000,” indicated Zerodium. “We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward.”

Zerodium is a security company specializing in acquiring and reselling zero-day exploits and vulnerabilities. Its primary customers are government agencies in North America and Europe.

Increased payout

Microsoft increased the payout for Outlook zero-click RCEs on January 27, 2022. The increase will remain in effect until an undisclosed date.

Microsoft offers bounties from $5,000 to $250,000 for reports of vulnerabilities in its software. The company paid $13.6 million for bug bounty rewards between July 2020 and July 2021.

Microsoft’s bug bounty payout is less than that of Zerodium; the bounty values vary based on the severity of the discovered vulnerability.

What is your take on Microsoft’s way around the bugs? Share your thoughts with us in the comment section below.

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.
