We often hear of Zero-Day attacks, vulnerabilities, or exploits, and of Zero-Day patches. This article explains what a Zero-Day attack, exploit, or vulnerability is. Zero-Day attacks generally refer to attacks on vulnerabilities where there is a zero-day gap between the discovery of the vulnerability and the attack taking place.
Zero Day attack, exploit, or vulnerability
A Zero-Day vulnerability is a hole in software, firmware, or hardware that is not yet known to the user, vendor, or developer and is exploited by hackers before a patch for it is issued. Such attacks are called Zero-Day exploits. Thus, a Zero-Day attack is an exploit carried out before the developer of the software or the manufacturer of the hardware can patch the Zero-Day vulnerability: the vulnerability is still waiting for a patch or vendor fix while the attack exploits it.
There can be many types of Zero-Day attacks, including attacking a system to gain access to it and injecting malware, spyware, or adware. The attack takes place before the manufacturer is even aware of the vulnerability; hence, there is a sense of emergency to patch it.
Once the patch is made available, the vulnerability is no longer a Zero Day vulnerability.
Zero-Day vulnerabilities are usually detected by hackers or by a third-party security firm. In the case of hackers, they make use of the vulnerability until it is fixed. When a third-party security firm discovers a Zero-Day flaw or Zero-Day vulnerability, it informs the software or hardware manufacturer so that they can rush to work on a fix, usually known as a Zero-Day patch, and gives them some time to issue that patch.
How Microsoft deals with Vulnerabilities
Normally, there is a Patch Tuesday at Microsoft. Microsoft uses various terms to describe the software updates and patches it releases. On every second Tuesday of the month, Microsoft releases patches or fixes for its range of products, including the Windows operating system. These patches are normally for vulnerabilities or problems found during routine software life-cycle maintenance.
A Security Update is a widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The Microsoft security bulletin indicates the severity rating as critical, important, moderate, or low.
Then there are critical patches that are released out of turn. If something is critical and cannot wait for the next Patch Tuesday, Microsoft issues a Security Advisory along with a patch, usually aimed at fixing Zero-Day vulnerabilities reported by third-party security firms.
Sometimes, other types of critical vulnerabilities are found while auditing software and need immediate attention. Microsoft issues an Advisory in such cases too, but these cannot technically be categorized as Zero-Day: a vulnerability is a Zero-Day vulnerability only if the manufacturer is unaware of it until informed by some third party, whether hackers or third-party security firms.
How to deal with Zero-Day Attacks & Vulnerabilities
You cannot do much in the case of a Zero-Day vulnerability except wait for a patch issued by the manufacturer of the software or hardware in question. You may have noticed that zero-day vulnerabilities are often found in software like Adobe Flash and Java. Once the patch is released and you are informed of it, apply it as soon as possible.
It also helps to keep operating systems, installed software, and browsers updated. Popular programs like browsers and operating systems are often scanned for Zero-Day vulnerabilities and misused by cybercriminals. Though this is not full protection, you are somewhat protected if your software and firmware (hardware) are up to date with all the updates released for the products; at least you won’t be exploited via known vulnerabilities if you are up to date. Deploying Intrusion Detection Software, an Anti-Exploit Tool, or a Firewall that can detect such attacks can also help.
What is an example of a zero-day attack?
The Stuxnet worm was a malicious program designed to target computers used for manufacturing purposes in several countries, including Iran, India, and Indonesia. The worm’s primary target was Iran’s uranium enrichment plants, intending to disrupt the country’s nuclear program.
Why is it called zero-day?
Zero-day vulnerabilities are newly discovered security flaws that hackers can exploit to attack systems. The term “zero-day” refers to the vendor or developer having only just learned of the flaw, meaning they have had zero days to fix it.