We often hear of Zero Day attacks, vulnerabilities or exploits. We have also heard of Zero-Day patches. This article helps you know what is a Zero Day attack, exploit, or vulnerability. Zero-Day attacks generally refer to attacks on vulnerabilities, where there is a zero-day gap between the found vulnerability, and the attack taking place.
Zero Day attack, exploit, or vulnerability
A Zero-day vulnerability is a hole in software, firmware or hardware that is not yet known to the user, vendor or developer, and is exploited by hackers, before a patch for it is issued. Such attacks are called Zero-day exploits. Thus a Zero Day attack is an exploit done before the developer of the software or the manufacturer of the hardware can patch the Zero-Day Vulnerability. Thus, the “vulnerability” is waiting for a patch or vendor fix, while the “attack” to exploit the vulnerability takes place.
There can be many types of Zero-Day Attacks. This includes attacking a system to gain access to it, injecting malware, spyware, or adware. This attack is done before the manufacturer is even aware of the vulnerability and hence there is a sense of emergency to patch it up.
Once the patch is made available, the vulnerability is no longer a “Zero Day vulnerability”.
A Zero-Day vulnerability is usually detected either by hackers or by some third-party security firm. In the case of hackers, they make good use of vulnerability until it is fixed. In case a third-party security firm discovers a Zero-Day Flaw or a Zero-Day Vulnerability, they inform the manufacturers of the software or hardware system so that they can rush to work on a fix, usually known as a Zero-Day patch, and give it some time to patch it.
How Microsoft deals with Vulnerabilities
Normally, there is a Patch Tuesday at Microsoft.Microsoft uses various terms to describe the software updates and patches released by it. On every second Tuesday of a month, Microsoft releases a set of patches or fixes that apply to its range of products, including the Windows operating system. The patches are normally for vulnerabilities or problems found in case of routine software life cycle maintenance.
A Security Update is a widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.
Then there are Critical releases of patches that come out of the turn. If there is something very critical and cannot wait for next Patch Tuesday, Microsoft issues a Security Advisory along with a patch, which is usually aimed at patching up Zero-Day vulnerabilities, referred by third-party security firms.
Sometimes, there are other types of critical vulnerabilities that are found while auditing a software and which need immediate attention. Microsoft will issue an Advisory in such cases too, but this cannot be technically categorized as Zero-Day as it is Zero-Day Vulnerability only if the manufacturer is not aware of the vulnerability until informed by some third party – hackers or third-party security firms.
Read: Windows Patching best practices and guidance
How to deal with Zero-Day Attacks & Vulnerabilities
You cannot do much in case of Zero-Day Vulnerability, except to wait for a patch issued by the manufacturer of software or hardware in question. You may have noticed that zero-day vulnerabilities are often found in software like Adobe Flash and Java. Once the patch is released and you are informed, get the patch applied as soon as possible.
It also helps to keep things such as operating systems, installed software and browsers updated. In most cases, there are popular programs like browsers and operating systems that are scanned for Zero-Day vulnerabilities and misused by the cybercriminals. Though not full protection, you are somewhat protected if your software and firmware (hardware) are up to date with all the updates released for the products – at least you won’t be exploited via known vulnerabilities if you are up to date. Deploying an Intrusion Detection Software Anti-Exploit Tool or a Firewall that can detect such attacks can help.