Zero-Day Vulnerability
(Redirected from zero-day vulnerability)
Jump to navigation
Jump to search
A Zero-Day Vulnerability is a computer software vulnerability that hackers can exploit such that the user has zero days in which to plan and advise any mitigation.
- AKA: 0-hour Exploit.
- Context:
- It can have a Common Vulnerabilities and Exposures (CVE) Identifier.
- It can be discovered by hackers before the software developer is aware of it, allowing them to exploit the vulnerability before any patches or mitigations are available.
- It can involve sophisticated attack techniques, making detection and prevention particularly difficult.
- It can range from being a Minor Software Vulnerability with limited impact to being a Major Security Flaw that can compromise an entire system or network.
- It can lead to devastating consequences, particularly in critical infrastructures, such as when used in Stuxnet attacks on industrial systems.
- ...
- Example(s):
- Microsoft Windows Zero-Day Vulnerabilities, such as those exploited by the WannaCry ransomware attack, which leveraged a flaw in the SMB protocol to spread rapidly across networks.
- Siemens Industrial Control System Zero-Day Vulnerabilities, such as those exploited by Stuxnet, which targeted PLCs (Programmable Logic Controllers) to disrupt Iran's nuclear enrichment program.
- Adobe Flash Zero-Day Vulnerabilities, which were frequently exploited in critical attacks, such as those targeting outdated versions of Flash Player before patches were available.
- Microsoft Exchange Server Zero-Day Vulnerabilities, which were used in 2021 to breach corporate networks, allowing attackers to steal sensitive data and gain persistent access.
- Google Chrome Zero-Day Vulnerabilities, which have been discovered and exploited in the wild, often requiring immediate patching to protect users from drive-by downloads and other web-based attacks.
- EternalBlue Zero-Day Vulnerability (CVE-2017-0144), which was exploited by the **WannaCry ransomware attack** and **NotPetya**, allowing attackers to remotely execute code through the Microsoft Windows SMB protocol, leading to massive global disruptions.
- Log4Shell Zero-Day Vulnerability (CVE-2021-44228), a critical flaw in the Apache Log4j library that enabled remote code execution, affecting a large number of enterprise systems in cloud environments.
- Zerologon Zero-Day Vulnerability (CVE-2020-1472), which allowed attackers to exploit the Microsoft Netlogon protocol and gain domain controller privileges in enterprise networks.
- Kaseya VSA Zero-Day Vulnerability, used in 2021 by the REvil ransomware group to target managed service providers and their clients, leading to widespread compromise of IT infrastructure.
- SonicWall VPN Zero-Day Vulnerability (CVE-2021-20016), which affected Secure Mobile Access (SMA) devices and led to security breaches before patches were released.
- ...
- Counter-Example(s):
- Known System Vulnerability, which has been identified and for which patches or mitigations are available.
- See: Computer Security, Threat (Computer), Vulnerability (Computing), Stuxnet.
References
2016
- (Wikipedia, 2016) ⇒ https://en.wikipedia.org/wiki/Zero-day_(computing) Retrieved: 2016-8-17.
- A zero-day (also known as zero-hour or 0-day) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers, or a network. It is known as a "zero-day" because once the flaw becomes known, the software's author has zero days in which to plan and advise any mitigation against its exploitation (for example, by advising workarounds or by issuing patches). Attacks employing zero-day exploits are often attempted by hackers before or on the day that notice of the vulnerability is released to the public; sometimes before the author is aware or has developed and made available the corrected code. Zero-day attacks are a severe threat.