What are zero-day attacks?

There are a few common, but slightly different definitions of zero-day attacks. Some define zero-day attacks as attacks on vulnerabilities that have not been patched or made public, while others define them as attacks that take advantage of a security vulnerability on the same day that the vulnerability becomes publicly known (zero-day).

But the general definition describes zero-day attacks (or zero-day exploits) as attacks that target publicly known but still unpatched vulnerabilities.

Software vulnerabilities may be discovered by hackers, by security companies or researchers, by the software vendors themselves, or by users. If discovered by hackers, an exploit will be kept secret for as long as possible and will circulate only through the ranks of hackers, until software or security companies become aware of it or of the attacks targeting it. These types of attacks are defined by some as 'less than zero-day' attacks.

The good guys vs the bad guys

If a vulnerability is discovered by "the good guys" – internet security software companies or software vendors – the tendency is to keep it under wraps until the software maker has a patch to fix it. In some cases, however, security researchers or software vendors may have to publicly announce the flaw because users could be able to avoid the problem, for instance by steering clear of a particular website or being sure to not open a certain email attachment. Or the vulnerability might be discovered by a user and wind up on a blog or otherwise be publicly disclosed.

In these cases, the race is on – good guys vs. bad guys. Will the software vendor or a security company come up with a fix for the bug or will hackers learn how to exploit it before the vulnerability is patched?

2010 is known as the “The Year of Zero-Day Vulnerabilities for Browsers”. Adobe products (Flash, Reader), Internet Explorer, Java, Mozilla Firefox, Windows XP and many others were affected by zero-day exploits.

Microsoft attacks

Zero-day attacks targeting Microsoft software often hit right after Microsoft delivers its patches. Cybercriminals have found that they can take advantage of Microsoft's monthly security update cycle by timing new attacks just after Patch Tuesday - the second Tuesday of each month when Microsoft releases its fixes. These attacks will make Microsoft aware of the new vulnerabilities, but unless the vulnerabilities in question are extremely dangerous it will be a month before the software maker has a chance to respond. Security experts have coined the term "zero-day Wednesday" to describe that strategy.

If the only way to avoid zero-day attacks was to wait for the software manufacturer to fix their software, well, you’d be spending a lot of time waiting. While there’s hardly a single “silver bullet” solution to protect your network from all zero-day vulnerabilities, there are some things you and/or your company can put in place to stay safe in the future: good antispam and anti virus protection.