
Zero-Day Exploit

Ali Azhar
Last Updated March 22, 2022 4:34 am

A zero-day exploit or vulnerability is a security flaw in a computer system or program that allows hackers to carry out a cyberattack while the flaw is known to the attackers but not yet to the software developers.

Typically, the exploit takes advantage of a security vulnerability on the same day that the vulnerability becomes publicly or generally known. Zero-day exploits are usually posted by well-known hacker groups. Software companies may issue a security bulletin or advisory when the exploit becomes known, but they may not be able to offer a patch for the vulnerability until some time afterward.

How does a zero-day exploit work?

The attack is timing-based: once hackers have breached the target computer or system, it succeeds because the developers do not yet have a patch or upgrade that fixes the flaw. The attacker releases the malware before the developer has had any time to fix the vulnerability, hence the name “zero-day” exploit. Once the software developers have developed and applied a patch, the exploit is no longer called a zero-day exploit.

Stealth is a major component of a zero-day exploit, making it difficult for software developers to know about the cyberattack. It can take months or even years for the software developers or users to realize their system has been under attack. A zero-day exploit is similar to a robber finding a door that is always left unlocked in a store: the robber keeps getting into the store through that door until the store owner figures out that it is unlocked.


Examples of zero-day exploits

Vulnerability to zero-day exploits can come in many forms, including broken and weak passwords. Here are two well-known examples and a note on Patch Tuesday.

  • Attack on Microsoft Windows in 2019: A local privilege escalation vulnerability led to a malware zero-day attack on Microsoft Windows in June 2019. Microsoft was able to develop and release a patch to fix the issue.
  • The DNC Hack in 2019: The Democratic National Committee (DNC) was attacked using a zero-day exploit technique in 2019. Russian hackers had previously discovered vulnerabilities in Microsoft Windows, Adobe Flash, and Java, then used spear phishing to gain unauthorized access to data.
  • Microsoft Patch Tuesday: The global predominance of Microsoft and its products makes them a ripe target for zero-day exploits. To combat these, Microsoft releases patches and updates on one Tuesday every month. Security providers like Malwarebytes report on the vulnerabilities addressed each Patch Tuesday. Here’s an example:

CVE-2022-21990: A Remote Desktop Client remote code execution vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. This vulnerability might be hard to exploit since it requires an attacker to control a malicious server and that the user must willingly connect to it. There is Proof-of-Concept (PoC) code available for this vulnerability.

SOURCE: Malwarebytes Labs, accessed 3/22/2023
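The CVE-2022-21990 description above hinges on the victim connecting to an attacker-controlled server, so one check a defender can run while the patch is still rolling out is to flag RDP client connection attempts to servers that are not on an allowlist. The following is an added example, not code from this page or from Malwarebytes; the log lines are constructed, and the line layout and the use of event ID 1024 for "trying to connect to the server" are assumptions about an exported RDP client log.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines modelled on an exported "TerminalServices-RDPClient/Operational"
# log. The layout and the use of event ID 1024 for "trying to connect to the server" are
# assumptions; every hostname and address is made up for this example.
SAMPLE_LOG = """\
2022-03-22T09:01:12Z EventID=1024 Server=jumphost.corp.example
2022-03-22T09:05:40Z EventID=1024 Server=203.0.113.7:3389
2022-03-22T09:06:02Z EventID=1102 Server=203.0.113.7
2022-03-22T10:15:33Z EventID=1024 Server=FileShare.corp.example:3390
2022-03-22T11:42:09Z EventID=1024 Server=10.20.30.40
"""
# Hypothetical allowlist: the RDP servers users are expected to reach.
ALLOWED_HOSTS = {"jumphost.corp.example", "fileshare.corp.example"}
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Server=(?P<server>\S+)$")

@dataclass(frozen=True)
class RdpAttempt:
    timestamp: str
    server: str  # hostname or IPv4 address, lower-cased, port removed

def parse_connect_attempts(text: str) -> list[RdpAttempt]:
    """Extract outbound RDP connection attempts (event 1024) from exported log text."""
    attempts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("eid") != "1024":
            continue
        host, _, port = m.group("server").rpartition(":")  # strip a trailing :port
        server = host if host and port.isdigit() else m.group("server")
        attempts.append(RdpAttempt(m.group("ts"), server.lower()))
    return attempts

def is_allowed(server: str, hosts: set[str], nets: list) -> bool:
    """True if server is an allowlisted name or an address inside an allowlisted network."""
    if server in hosts:
        return True
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:  # a hostname that is not on the allowlist
        return False
    return any(addr in net for net in nets)

def unknown_rdp_servers(text: str, hosts: set[str], nets: list) -> list[RdpAttempt]:
    """Attempts that went to servers outside the allowlist; each deserves a closer look."""
    return [a for a in parse_connect_attempts(text) if not is_allowed(a.server, hosts, nets)]
```

Run over the constructed log, only the connection to 203.0.113.7 is reported; the same check works on a real export once the line pattern is adjusted to the log's actual layout.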

How does a zero-day exploit impact individuals and businesses?

Zero-day exploits can lead to major issues for individuals and businesses that have been targeted. Some of the common problems that happen due to a zero-day exploit include corruption of computer programs and files, stolen data, hackers gaining remote access to devices, and installation of spyware or malware to get access to sensitive information.

Individuals and businesses can protect themselves from zero-day exploits through prevention and planned incident response, a defined set of procedures to minimize damage when a zero-day exploit is identified.

Other key prevention tactics include installing firewalls and keeping their policies up to date, blocking potentially harmful websites, and establishing strict scanning policies for email attachments. Finally, security teams must be vigilant about regularly running vulnerability scans to find and fix issues with the system.