Zero-Day Vulnerability

A software vulnerability that is unknown to the vendor or the public at the time it's discovered or first exploited. "Zero-day" means developers have had zero days to fix it because they weren't aware of it.

‍

These vulnerabilities often have no patch available initially, and attackers can use them to compromise systems in a stealthy way (since traditional defenses might not recognize the attack). Zero-day exploits are somewhat rare and usually used in targeted attacks (they are valuable to attackers precisely because they evade detection). For example, if your browser has a zero-day flaw, an attacker might craft a malicious webpage that, when visited, silently runs code on your machine - even up-to-date antivirus might not catch it, because it's truly new behavior.

‍

For small to medium businesses, defending against zero-days is tricky - you can't patch what you don't know about. However, general good practices help: employing a layered defense (so even if one layer is breached via a zero-day, others might catch the attack's actions) and keeping systems otherwise fully patched (so attackers don't need to waste a precious zero-day on you; they often try easier known bugs first).

‍

Additionally, behavior-based security tools (like some EDR systems) can sometimes detect zero-day exploitation by spotting suspicious actions even if the specific exploit isn't known. When a zero-day is announced publicly, treat it with high priority - apply any workarounds and patch as soon as a fix comes.

‍

Essentially, zero-days remind us that no system is 100% secure - so having incident response capabilities is as important as preventative measures.