Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits.

Act fast if you have the goods and the moral equanimity to make up to $400,000 for a zero-click, remote-code execution (RCE) exploit.

The price spike is only temporary, with the end date still to be determined, according to a Thursday post from Zerodium, which runs high-end, high-dollar, third-party bug-bounty programs.

“We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward.” –Zerodium

Zerodium has also increased its payout to $200,000 for zero-click RCE exploits affecting the Mozilla Thunderbird browser.

Similar to the Outlook exploits it’s hunting for, Zerodium is looking for zero-click exploits that can achieve RCE in Thunderbird when targets are receiving or downloading emails, all without users having

Read More: https://threatpost.com/zerodium-payout-outlook-zero-days/178089/