Zero-Day Threat

What Does Zero-Day Threat Mean?

A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.

Advertisements

Attackers exploit zero-day vulnerabilities through different vectors. Web browsers are the most common, due to their popularity. Attackers also send emails with attachments exploiting software attachment vulnerabilities.

A zero-day threat is also known as a zero-hour attack or day-zero attack.

Techopedia Explains Zero-Day Threat

Zero-day exploits are often put up by renowned hacker groups. Typically, the zero-day attack exploits a bug that neither developers, nor the users, know about. Indeed, this is exactly what the malicious coders anticipate. By discovering a software vulnerability before the software’s developers do, a hacker can make a worm or virus that can be used to exploit the vulnerability and harm computers.

Not all zero-day attacks actually take place before the software developers discover the vulnerability. In certain cases, the developers discover and understand the vulnerability; however, it may take some time to develop the patch to fix it. Also, software makers may occasionally postpone a patch release to avoid flooding users with several individual updates. If the developers find that the vulnerability is not extremely dangerous, they may decide to postpone the patch release until a number of patches are collected together. Once these patches are collected, they are released as a package. However, this strategy is risky because could invite a zero-day attack.

Zero-day attacks occur within a time frame, known as the vulnerability window. This extends from the first vulnerability exploit to the point at which a threat is countered. Attackers engineer malicious software (malware) to exploit common file types, compromise attacked systems and steal valuable data. Zero-day attacks are carefully implemented for maximum damage – usually in the span of one day. The vulnerability window could range from a small period to multiple years. For instance, in 2008, Microsoft revealed an Internet Explorer vulnerability that infected a few versions of Windows released during 2001. The date in which this vulnerability was initially discovered by the attacker is unknown, but the vulnerability window in such a case might have been as much as seven years.

Advertisements

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Featured Content

Traders Think This Gaming Token Could Explode 10X For its Daily Passive Income Offer Up to 10000 USDT

Alan Draper11 years
dummy_img
Artificial Intelligence

Meta’s SeamlessM4T: One Step Closer to Universal Language Translation

Dr. Tehseen Zia11 years
dummy_img
Blockchain

Can Global Cooperation Achieve Consistent Stablecoin Regulation?

Iliana Mavrou11 yearsCrypto Writer
dummy_img
Blockchain

Is Polygon’s POL Upgrade The Future Of Multi-Chain Staking?

John Isige11 yearsCrypto Writer
dummy_img
Featured Content

Chimpzee Continues To Wow Crypto Community With Charity Events, Presale Heating Up

Alan Draper11 yearsEditor-in-Chief
dummy_img
Artificial Intelligence

The Future of Dark AI Tools: What to Expect Next?

Tim Keary11 yearsTechnology Expert

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
Trading
Trading
VoIP
VoIP
VPN
VPN