
What Is a Zero Day Vulnerability? [MakeUseOf Explains]

Simon Slangen 07-01-2013

If you don’t keep your computer protected, it’s very easy to get it infected – as many of you can probably relate to. There are multiple ways to keep your computer clean and your data safe. You can use your common sense to avoid catching a digital cold, and install a good anti-virus application.


Another part of securing your computer and your online presence is to stay informed. Stay informed of important security trends and security holes.

Terms that often come up in relation to viruses and security are zero-day exploits, vulnerabilities and attacks. Not too long ago a seven-year-old Internet Explorer vulnerability was found. Sounds like a long time? It is. To help you get traction on the subject, we’ll explain to you the concept of software vulnerability, zero-day exploits and the window of opportunity.

Software Vulnerability

The average software application consists of an incredible amount of code. As is to be expected, a lot of code is not bulletproof at its conception. For one, bugs slip in. A lot of these bugs are relatively harmless (relative being the key word) – they create a deadlock and cause the application to freeze, or make the application misbehave under certain irregular conditions.


A more serious security risk arises from the presence of exploitable bugs, or software vulnerabilities. Software vulnerabilities compromise the security of the computer system. Sneaking in through the cracks provided by flawed or insufficiently protected code, malign individuals are sometimes able to execute their own code under the guise of a computer’s own user, or access restricted data (just to name a few of the possibilities).


Simply put, a software vulnerability is a flaw in the software’s design or implementation that can potentially be exploited.

Zero-Day Exploits

A software vulnerability on its own does no harm (yet). First, the attacker has to find the vulnerability and write an exploit: a piece of software that uses the vulnerability to carry out an attack. This (zero-day) attack can take the form of a virus, worm or trojan infecting your computer system.


Often, these software vulnerabilities are first discovered by (or brought to the attention of) the software developers, and are fixed in future updates to the application. But if the attacker is able to discover the vulnerability before the developer knows of it, the attacker can write a zero-day exploit. This term derives its name from the fact that the first attacks take place before anyone (most importantly, the developer) has knowledge of the vulnerability.


Vulnerability Window

A zero-day exploit gives the attacker an unprecedented advantage. Because the developer had no knowledge of the exploit, they’re not able to develop a fix and users of the application are entirely without protection. Until the attack is noticed and recorded, even conventional virus scanners are of little use. The vulnerability window describes the time between the moment a vulnerability is first exploited and the moment the developer of the application pushes a patch. This follows a distinct timeline.

  1. The (unknown) vulnerability is introduced in a piece of software.
  2. The attacker finds the vulnerability.
  3. The attacker writes and deploys a zero-day exploit.
  4. The vulnerability is discovered by the software company and it starts developing a fix.
  5. The vulnerability is disclosed publicly.
  6. Anti-virus signatures are released for the zero-day exploits.
  7. The developers release a patch.
  8. The developers finish deploying the patch.


The zero-day exploit attacks last from point 3 to point 5. According to a recent study, this period lasts ten months on average! However, not that many hosts are usually affected. The biggest strength of zero-day attacks is their relative invisibility, and zero-day attacks are most often used to strike at very specific targets.

A much more dangerous period for the average user lasts from point 5 to point 8, which is the follow-up attack wave. And only at point 6 will those anti-virus applications start taking effect. According to the same study, other attackers swarm to the vulnerability after its public disclosure, and the volume of attacks increases by up to five orders of magnitude!
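The timeline above can be turned into a per-host exposure measurement, which shows how much of the follow-up wave depends on how quickly each machine installs the patch. This is an added example, not part of the original article; all dates, host names and function names are constructed for illustration.

```python
from datetime import date

# Constructed sample dates for points 3, 5, 6 and 7 of the timeline above.
TIMELINE = {
    "exploit_deployed": date(2012, 1, 10),   # point 3
    "disclosed": date(2012, 11, 5),          # point 5
    "av_signatures": date(2012, 11, 9),      # point 6
    "patch_released": date(2012, 11, 20),    # point 7
}
# Constructed fleet inventory: date each host installed the patch (None = not yet).
HOSTS = {"ws-01": date(2012, 11, 21), "ws-02": date(2012, 12, 15), "srv-01": None}


def check_order(t):
    """Reject timelines whose points are out of the order the article gives."""
    order = ["exploit_deployed", "disclosed", "av_signatures", "patch_released"]
    dates = [t[k] for k in order]
    if dates != sorted(dates):
        raise ValueError("timeline points are out of order")


def window_summary(t, hosts, today):
    """Length of the zero-day phase (3 to 5) and the follow-up wave (5 to 8)."""
    check_order(t)
    still_open = any(d is None for d in hosts.values())
    # Point 8 is reached only when the last host has installed the patch.
    point8 = today if still_open else max(hosts.values())
    return {
        "zero_day_days": (t["disclosed"] - t["exploit_deployed"]).days,
        "follow_up_days": (point8 - t["disclosed"]).days,
        "window_still_open": still_open,
    }


def host_exposure(t, patched_on, today):
    """Split one host's exposure after public disclosure (point 5)."""
    end = patched_on or today
    if end < t["patch_released"]:
        raise ValueError("host cannot be patched before the patch exists")
    return {
        "no_signature_days": (t["av_signatures"] - t["disclosed"]).days,
        "signature_only_days": (end - t["av_signatures"]).days,
        "patch_lag_days": (end - t["patch_released"]).days,
    }


if __name__ == "__main__":
    today = date(2013, 1, 7)  # constructed "now"
    print(window_summary(TIMELINE, HOSTS, today))
    for name, patched in HOSTS.items():
        print(name, host_exposure(TIMELINE, patched, today))
```

The `patch_lag_days` figure is the only part of the window a user or administrator controls directly; a single unpatched host keeps point 8 from being reached.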


After reading the article, how does the seven-year-old Internet Explorer vulnerability sound? Due to a lack of data, we can’t say for sure exactly how big the vulnerability window was, but it likely wasn’t small. Let us know your thoughts in the comments section below the article!

Image credit: Victor Habbick /


  1. brian applegate
    January 30, 2013 at 8:15 pm

    How does a hacker find the weak points of a software program?

    • Simon Slangen
      April 17, 2013 at 12:11 pm

      One way to figure out weak points is to try to trigger crashes. Program bugs are often also the weak points. Another possibility is to use a debugging program and try to learn something from the machine code.

  2. Anoop Chengannur
    January 16, 2013 at 4:26 pm

    Great Explanation Simon .. Cheers :)

  3. Elizabeth Sebastian
    January 13, 2013 at 5:19 am

    Great article. Please add to your front page an article about the new Java exploit that even the U.S. Department of Homeland Security has made a priority of alerting computer users about. Tech blogger Leo Laporte was mentioned on tonight's NBC News talking about how it is imperative to disable Java (not Java Script but the Java plugin) in your web browser. Hopefully MUO readers are aware of this but it's still well worth covering and telling them about it.

  4. Scutterman
    January 11, 2013 at 11:39 pm

    The name "Zero Day Exploit" comes from the fact that attackers give the developers zero days notice before releasing an attack (or information about the exploit).

    Less malicious hackers will often use different time periods, such as 13 day exploits or 42 day exploits before releasing information to the media.
    This gives the developers a reason to fix the vulnerability quickly, but also ensures that if they don't then the public are informed and can protect themselves.

  5. Ole Funch
    January 9, 2013 at 6:54 am

    At last an article to be understood, even for the "man on the floor".

  6. Shakirah Faleh Lai
    January 8, 2013 at 2:25 pm

    Short but informative article.

  7. Chanaka Hettige
    January 8, 2013 at 10:04 am

    Thanks for the interesting info. So what I'm wondering is that the Internet security software does not give enough protection in this aspect, right?

    • Simon Slangen
      January 8, 2013 at 12:46 pm

      Traditional antivirus software is only able to detect known attack vectors, and does very little to nothing to protect against zero-day exploits.

      For the average consumer, the best thing you can do is to keep your applications updated. The ill will towards updates is the main reason patch deployment takes so long.

      For the security expert/enthusiast, there are some interesting ideas in the aforementioned study to analyse/deal with zero-day exploits.

      • Lisa Santika Onggrid
        January 8, 2013 at 4:53 pm

        What if the newest update actually has more vulnerabilities in addition to the old ones? Does anything like this ever happen?

      • Scutterman
        January 11, 2013 at 11:34 pm

        Antivirus software isn't always useless in the case of zero day exploits. Heuristic analysis is a big part of system protection, and if a new exploit has similar behaviour to a previous exploit then it's more than possible it will be blocked.

  8. Anas Taji
    January 8, 2013 at 8:36 am

    Great Info..%