zero-day exploit
Home > Security Definitions - Zero-day exploit
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

zero-day exploit

Show me everything on Security Patch Management


Word of the Day


DEFINITION - A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. Ordinarily, after someone detects that a software program contains a potential exposure to exploitation by a hacker, that person or company can notify the software company and sometimes the world at large so that action can be taken to repair the exposure or defend against its exploitation. Given time, the software company can repair and distribute a fix to users. Even if potential hackers also learn of the vulnerability, it may take them some time to exploit it; meanwhile, the fix can hopefully become available first.

With experience, however, hackers are becoming faster at exploiting a vulnerability and sometimes a hacker may be the first to discover the vulnerability. In these situations, the vulnerability and the exploit may become apparent on the same day. Since the vulnerability isn't known in advance, there is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection of an exploit.

A study released by Symantec in early 2004 found that although the number of vulnerabilities discovered was about the same in 2003 as in 2002, the time between the vulnerability and exploits based on it had narrowed. According to the infoAnarchy wiki, "14-day" groups and "7-day" groups carry out an exploit within 14 or 7 days of a product's market release. Conducting a zero-day exploit establishes crackers as members of the elite, because they must have covert industry connections to gain the inside information needed to carry out the attack.

Learn more about Security Patch Management
How to deploy Microsoft patches without Active Directory or SMS: What is the simplest way to deploy Microsoft patches to 100+ desktops if you do not have Active Directory or SMS?
Step-by-Step Guide: Best practices for security patch management: This step-by-step guide offers best practices on how to deploy a security patch and provides the tools you will need to mitigate the risk of a compromised computer.
Patch deployment timeline: What is a typical patch deployment timeline from the announcement phase to completion for a mid- to large company?
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Prove your patching prowess: Is Patch Tuesday the bane of your existence? Take our quiz and learn best practices for better patch management.
Curing the Patch Management Headache: Common Issues with Testing: In this excerpt from Chapter 8 of Curing the Patch Management Headache, author Felicia M. Nicastro explains the importance of properly testing patches and the common challenges some organizations ...
Best practices for patch management: Drowning in a sea of patches? Register for a live webcast where our guest will share best practices for patch management. Until then, peruse the resources we've collected here.
Infosec Know IT All Trivia: Patch management: Get up to speed on patch management with our trivia.

CONTRIBUTORS: Catherine Engelke
LAST UPDATED: 04 Jun 2007

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- SearchSecurity.com's Edward Hurley writes about the Symantec report.
- On About.com, Tony Bradley writes about "Zero-Day Exploits - The Holy Grail."
- Brent Huston offers advice about how to "Protect against zero day exploits."





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
Squad: Tokenization, Phishing and the Feds
SearchSecurity.com editors discuss Microsoft's record breaking patching month, DHS plans to hire cybersecurity pros, the FBI crackdown on a massive...
Should management processes change based on a patch release schedule?
Expert Michael Cobb explains why planned patch release schedules, though helpful, may alter they way you handle the deployment of your own updates.
Should Windows Mobile updates come from Microsoft?
As mobile phones become more like mini PCs, they need similar add-on security tools and patch processes to keep them safe. Michael Cobb reviews how to...

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
attack vector  (SearchSecurity.com)
back door  (SearchSecurity.com)




Get More zero-day exploit Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts