Zero-Day Vulnerability

A software security flaw unknown to the vendor and for which no patch exists, potentially allowing attackers to exploit systems before defenses are available.

Also known as: 0-Day, Zero Day

What is a Zero-Day Vulnerability?

A zero-day vulnerability is a software security flaw that is unknown to the software vendor and to the public. The term "zero-day" refers to the fact that the vendor has had zero days to fix the flaw, because it has only just been discovered or is already being exploited.

Zero-Day Terminology

Zero-Day Vulnerability: The security flaw itself.

Zero-Day Exploit: Code that takes advantage of the vulnerability.

Zero-Day Attack: An attack that uses a zero-day exploit.

Zero-Day Lifecycle

  1. Introduction
    • Bug introduced in code
    • Unknown to all parties
  2. Discovery
    • Researcher finds flaw
    • Or attacker discovers it
  3. Disclosure/Exploitation
    • Responsible disclosure
    • Or in-the-wild exploitation
  4. Patch Development
    • Vendor creates fix
    • Testing and validation
  5. Patch Release
    • Update available
    • No longer zero-day

Defense Strategies

Proactive

  • Defense in depth
  • Least privilege
  • Network segmentation
  • Application hardening

Detection

  • Behavioral analysis
  • Anomaly detection
  • Threat intelligence
  • Honeypots

Response

  • Incident response plans
  • Virtual patching
  • Compensating controls

Notable Zero-Days

  • Log4Shell (2021)
  • EternalBlue (2017)
  • Stuxnet (2010)
  • Heartbleed (2014)