Outlook Zero-Day: Hackers Demand $1.7 Million for Exploit

A highly alarming situation is emerging in the world of cybersecurity. A hacker known by the pseudonym “Cvsp” has announced on a cybercrime forum the sale of an RCE exploit for a zero-day vulnerability in Microsoft Outlook.

According to the hacker, this exploit enables remote code execution and works reliably on Microsoft Office 2016, 2019, LTSC 2021, and Microsoft 365 Apps for Enterprise. The conducted tests purportedly demonstrated a 100% success rate, indicating the exploit’s high reliability and effectiveness in compromising vulnerable systems.

Information about the exploit will be disclosed only privately, underscoring its secrecy. The hacker stated that the transaction would be conducted exclusively through the escrow service ShinyHunters and advised journalists and other “casual observers” to stay away.

The price for the exploit is set at $1,700,000. Such a substantial sum reflects the severity of the vulnerability discovered by the hackers and the potential damage it could inflict on users.

Cybersecurity experts have already expressed serious concerns about the potential repercussions. Given that the vulnerability affects popular office programs installed on nearly every computer, many large companies and home users could be at risk of being hacked.

Since information about the vulnerability and how to exploit it is being shared privately, it is extremely difficult for cybersecurity experts to determine where to focus their attention to promptly identify the breach.

Users are advised to remain particularly vigilant: stay updated on the latest news regarding this vulnerability, avoid opening any suspicious files, especially those received via email, and regularly check for updates to Microsoft Office to protect their systems as soon as a patch becomes available.