Outlook bug bounty payout increases to $400,000, but only for a limited time

You could make up to $400,000 for discovering a zero-click exploit in Microsoft Outlook.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

Zerodium, an exploit acquisition platform, has increased its payout for Microsoft Outlook zero-click remote code executions (RCEs) from $250,000 to $400,000. The increase is a temporary measure to obtain zero-click exploits that can attack PCs and networks without requiring user interaction. Zerodium outlines the change on itslimited-time bug bounties page.

Some attacks, such as phishing scams, require people to interact with an attack like opening an email or email attachment. Zero-click exploits do not require interaction, making them more dangerous.

“We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000,” explains Zerodium. “We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward.”

Zerodium specializes in zero-day exploits and security research. Its customers are government institutions that are primarily in North America and Europe.

The increased payout for Microsoft Outlook zero-click RCEs began on January 27, 2022, but does not have a definitive end date.

Microsoft also has alist of bounty payoutsranging up to $250,000. Microsoft paid $13.6 million for bug bounties between July 2020 and July 2021.

You can compareMicrosoft’s bug bounty payoutstothose of Zerodiumto see how the companies compare. The value of bounties varies dramatically based on the severity of the discovered vulnerability.

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.