Information security company Zerodium has announced that its reward for 0-day security vulnerabilities that allow remote code execution (RCE) in the Microsoft Outlook email client has risen to $400,000.
In a tweet posted by the company, it was stated that the new payment amount is not permanent, and it is still not clear when the application period will end.
Zerodium’s regular reward for those who find an RCE vulnerability in Microsoft Outlook for Windows is $250,000. The $400,000 is offered for a so-called ‘zero-click’ vulnerability that allows remote code execution, without any interaction, when Microsoft’s email client receives or downloads messages.
AWARD WAS INCREASED FROM 250K TO 400K
Zerodium said in a statement: “We are temporarily increasing our payment for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for people to report zero-click exploits that lead to remote code execution when receiving or downloading email in Outlook without requiring any user interaction, such as reading a malicious email message or opening an attachment.”
The company also announced that it is offering rewards, albeit in smaller amounts, for vulnerabilities that require the email to be opened or read. Zerodium also noted that it is currently awarding up to $200,000 for remote code execution vulnerabilities in Mozilla Thunderbird, and that this reward has been the same since 2019. The same conditions apply to vulnerability payments for Mozilla Thunderbird as for Microsoft Outlook.
THE SUBMISSION PERIOD IS EXPECTED TO BE LONG
RCE in an email client gives attackers access to all existing accounts. Although the company did not specify a “deadline” for reporting zero-click vulnerabilities, this period is thought to be quite long.
On March 31, 2021, Zerodium announced that the bounty for WordPress RCE vulnerabilities had been temporarily tripled; that bounty is still valid today. The regular payment for reporting a vulnerability in the most popular open source content management system (CMS) is $100,000.
Currently, WordPress, Mozilla Thunderbird, and Microsoft Outlook are active on the list of temporarily increased rewards.