What Is a Zero Day Vulnerability? [MakeUseOf Explains]

Ads by Google

zero day exploitIf you don’t keep your computer protected, it’s very easy to get it infected – as many of you can probably relate to. There are multiple ways to keep your computer clean and your data safe. You can use your common sense to avoid catching a digital cold, and install a good anti-virus application.

Another part of securing your computer and your online presence is to stay informed. Stay informed of important security trends and security holes.

One term that often comes up in relation to viruses and security are zero-day exploits, vulnerabilities and attacks. Not too long ago a seven year old Internet Explorer vulnerability was found. Sounds like a long time? It is. To help you get traction on the subject, we’ll explain to you the concept of software vulnerability, zero-day exploits and the window of opportunity.

Software Vulnerability

The average software application consists of an incredible amount of code. As is to be expected, a lot of code is not bullet proof at its conception. For one, bugs slip in. A lot of these bugs are relatively harmless (relative being the key word) – they create a deadlock and cause the application to freeze, or make the application misbehave under certain irregular conditions.

zero day exploit

A more serious security risk arises from the presence of exploitable bugs, or software vulnerabilities. Software vulnerabilities compromise the security of the computer system. Sneaking in through the cracks provided by flawed or insufficiently protected code, malign individuals are sometimes able to execute their own code under the guise of a computer’s own user, or access restricted data (just to name a few of the possibilities).

Ads by Google

Simply put, a software vulnerability is a flaw in the software’s design or implementation that can potentially be exploited.

Zero-Day Exploits

A software vulnerability on its own does no harm (yet). First, the attacker has to find the vulnerability and write an exploit; a piece of software that uses the vulnerability to carry out an attack. This (zero-day) attack can take the form of a virus, worm or trojan infecting your computer system.

zero day attack

Often, these software vulnerabilities are first discovered (or brought to the attention of) the software developers, and are fixed in future updates to the application. But if the attacker is able to discover the vulnerability before the developer knows of it, the attacker can write a zero-day exploit. This term derives its name from the fact that the first attacks take place before anyone (most importantly, the developer) has knowledge of the vulnerability.

Vulnerability Window

A zero-day exploit gives the attacker an unprecedented advantage. Because the developer had no knowledge of the exploit, they’re not able to develop a fix and users of the application are entirely without protection. Until the attack is noticed and recorded, even conventional virus scanners are of little use. The vulnerability window describes the time between a vulnerability is first exploited and the developer of the application pushes a patch. This follows a distinct timeline.

  1. The (unknown) vulnerability is introduced in a piece of software.
  2. The attacker finds the vulnerability.
  3. The attacker writes and deploys a zero-day exploit.
  4. The vulnerability is discovered by the software company and it starts developing a fix.
  5. The vulnerability is disclosed publicly.
  6. Anti-virus signatures are released for the zero-day exploits.
  7. The developers release a patch.
  8. The developers finish deploying the patch.

zero day exploit

The zero-day exploit attacks last from point 3 to point 5. According to a recent study, this period lasts ten months on average! However, not that many hosts are usually affected. The biggest strength of zero-day attacks is their relative invisibility, and zero-day attacks are most often used to strike at very specific targets.

A much more dangerous period for the average user lasts from point 5 to point 8, which is the follow-up attack wave. And only on point 6 will those anti-virus applications start taking effect. According to the same study, other attackers swarm to the vulnerability after its public disclosure, and the volume of attacks increases by up to five orders in magnitude!

After reading the article, how does the seven year old Internet Explorer vulnerability sound? Due to a lack of data, we can’t say for sure how big the vulnerability window exactly was, but it likely wasn’t small. Let us know your thoughts in the comments section below the article!

Image credit: Victor Habbick / FreeDigitalPhotos.net

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Awesome Websites
Awesome Websites
132 Members
Deep Web Communities
Deep Web Communities
80 Members
Best Anonymity Tools
Best Anonymity Tools
73 Members
Technology Explained
Technology Explained
61 Members
Best Music Services
Best Music Services
43 Members
Online Security Tips
Online Security Tips
41 Members
Web for Kids
Web for Kids
32 Members
Windows Firewalls & Antivirus
Windows Firewalls & Antivirus
19 Members
Ads by Google
Comments (12)
  • brian applegate

    How does a hacker find the weak points of a software program?

    • Simon Slangen

      One way to figure out weak points is to try to trigger craches. Program bugs are often also the weak points. Another possibility is to use a debugging program and try to learn something from the machine code.

  • Anoop Chengannur

    Great Explanation Simon .. Cheers :)

  • Elizabeth Sebastian

    Great article. Please add to your front page an article about the new Java exploit that even the U.S. Department of Homeland Security has made a priority of alerting computer users about. Tech blogger Leo Laporte was mentioned on tonight’s NBC News talking about how it is imperative to disable Java (not Java Script but the Java plugin) in your web browser. Hopefully MUO readers are aware of this but it’s still well worth covering and telling them about it.

  • Scutterman

    The name “Zero Day Exploit” comes from the fact that attackers give the developers zero days notice before releasing an attack (or information about the exploit).

    Less malicious hackers will often use different time periods, such as 13 day exploits or 42 day exploits before releasing information to the media.
    This gives the developers a reason to fix the vulnerability quickly, but also ensures that if they don’t then the public are informed and can protect themselves.

  • Ole Funch

    At last an article to be understood, eben for the “man on the floor”.
    Thx

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.