Weissblick - Fotolia
In any business environment continuously driven by software, flaws discovered and used by bad actors can be devastating. Problems discovered in firmware, hardware, OSes and software applications must be remedied by the developer and released as a software patch, which will fix the flaw so it no longer becomes a threat.
Yet, what if the developer never discovered a flaw? Alternatively, what if the developer discovered a flaw but didn't bother to fix it in a timely manner? This is what's known as zero-day. This term is used because the developer had literally no time -- zero days -- to fix the flaw before the bad guys knew about it. Thus, time is of the essence to get a patch released.
Getting a bit more technical, you'll often hear about two similar sounding -- yet very different -- zero-day terms. The first term is zero-day vulnerability. This is when software has a flaw known to the developer, but the developer does not yet have a patch ready to be released.
If a patch is not released in time, nefarious actors can create a zero-day exploit -- our second term. A zero-day exploit is a software package coded to take advantage of the known zero-day vulnerability. In most cases, a zero-day exploit is packaged as malware. Zero-day exploits are often highly successful until they become widely known and either the software is patched or other security measures are put in place to successfully identify and block the exploit.
Guarding against zero-days -- whether deemed vulnerability or exploit -- should be high on any CISO's priority list. The exploit takes advantage of exposed software without an available patch. As a result, CISOs must put security teams on notice when a known zero-day vulnerability is announced so they can work to remediate the risk a zero-day exploit could have on the organization.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Andrew Froehlich
Audio and video conferencing each have benefits and drawbacks. Learn the difference between audio and video conferencing to decide which best suits ... Continue Reading
For some users, Zoom Meetings is all they will need; others may opt for Zoom Rooms. Learn about the features each service provides and the supported ... Continue Reading
Explore the steps organizations must take to upgrade their network infrastructure, including how to tell if an upgrade is necessary and how to ... Continue Reading