What The Heck Is A Zero-Day?

What is a “zero-day,” exactly? In information security, a brand new cybersecurity vulnerability or exploit occasionally makes the news, and the reporter calls it a “zero-day” exploit. What are they talking about? The concept is similar to “patient zero” in medical epidemiology: it marks the point where the bad thing started to happen.

A zero-day vulnerability is a flaw in software code that has not been discovered before now. Often a security researcher will discover the flaw, and the usual protocol is to report it to the software developer, giving them a chance to release a patch that fixes the problem. Then, typically, the researcher publishes their findings, alerts are released, and the software gets patched.

Sometimes a manufacturer or software company will ignore the researcher, and the information is published anyway. This exposes the vulnerability before any remediation is available, and creates a risk for users of that product.

Sometimes the vulnerability is discovered by an organization like the NSA, which will stockpile the vulnerability without reporting it to anybody and use it for surveillance purposes.

And on particularly bad days, the vulnerability is discovered by a cyber-criminal gang, which develops an exploit to take advantage of the vulnerability for financial gain.

A zero-day exploit is a malware attack that takes advantage of the newly discovered vulnerability. Sometimes a zero-day exploit is instead a brand new way to take advantage of an older, known vulnerability. Either way, a zero-day exploit will generally work against any computer running the vulnerable code. Anti-malware software generally will not recognize a zero-day exploit, and will let it run on the targeted system. This is what makes zero-days particularly dangerous.

There is not a lot that an average person can do to combat a zero-day vulnerability. The best advice is to keep your operating system and software patched and up to date.

Security software relies on two things: definitions (signatures) for known exploits, and heuristics, that is, behavior-based detection and quarantine capabilities that look for malware-like behavior in running code. Anti-malware definitions cannot detect zero-days, because no definition exists yet, but heuristics might. Run an anti-malware program that includes heuristics.
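The difference between the two detection approaches just described, as an added example that is not code from the original post: a toy scanner with a definition database (hash lookup) and a behavior-scoring heuristic, run against constructed samples. The hashes, event names, rule weights and threshold are all assumptions made for illustration, not values from any real product.

```python
import hashlib

# Constructed "definition" database: SHA-256 hashes of samples that a vendor
# has already analysed. A real database holds millions of entries.
KNOWN_BAD_HASHES = {hashlib.sha256(b"previously analysed malware sample").hexdigest()}

# Constructed behaviour rules: runtime event -> (description, weight).
# The event names, weights and threshold are illustrative assumptions.
HEURISTIC_RULES = {
    "persist:autorun_key": ("registers itself to start at every login", 3),
    "proc:office_spawns_shell": ("a document viewer spawned a command shell", 4),
    "file:mass_rename": ("renamed many user documents within seconds", 5),
    "net:fixed_interval_beacon": ("contacts one remote host on a fixed timer", 2),
}
QUARANTINE_THRESHOLD = 6

def signature_match(sample: bytes) -> bool:
    """Definition-based check: only a sample already in the database matches."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES

def heuristic_score(events):
    """Behaviour-based check: score the distinct runtime events observed."""
    score, reasons = 0, []
    for event in sorted(set(events)):  # each behaviour is counted once
        if event in HEURISTIC_RULES:
            description, weight = HEURISTIC_RULES[event]
            score += weight
            reasons.append(description)
    return score, reasons

def scan(sample: bytes, events):
    """Return (verdict, reasons): 'quarantine' if either engine fires."""
    if signature_match(sample):
        return "quarantine", ["matches a known-malware definition"]
    score, reasons = heuristic_score(events)
    if score >= QUARANTINE_THRESHOLD:
        return "quarantine", reasons
    return "allow", reasons

if __name__ == "__main__":
    # 1. Old, known sample: the definition catches it before it even runs.
    print(scan(b"previously analysed malware sample", []))
    # 2. Constructed zero-day: no definition exists, only its behaviour gives it away.
    zero_day_events = ["proc:office_spawns_shell", "persist:autorun_key",
                       "net:fixed_interval_beacon", "net:fixed_interval_beacon"]
    print(scan(b"never-seen-before payload", zero_day_events))
    # 3. Ordinary backup tool: touches many files but shows no other indicator.
    print(scan(b"legitimate backup utility", ["file:mass_rename"]))
```

The third case shows the trade-off the heuristic engine has to make: a single suspicious behaviour stays below the threshold so that legitimate tools are not quarantined, which is also why a zero-day that behaves quietly can still slip through.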

This is why zero-day vulnerabilities and exploits are so dangerous: they are hard to detect and sometimes impossible to remediate, at least at the beginning of the attack.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
