What’s a Zero-Day?

So what is a zero-day vulnerability? Simply put, it is a new vulnerability that hasn't yet been disclosed or publicly discovered. Day zero is the day it is first detected in the wild or publicly released.

On the Defensive

Whilst zero-days are undoubtedly interesting, we should arguably be more concerned with the payload of an attack. The vulnerability itself will typically be patched soon after it becomes known, but that doesn't mean we're now secure: the real question is what the attacker actually did with that exploit while it worked.

An Attacker’s Perspective

Whilst most attackers would love a cupboard full of zero-day vulnerabilities, it’s outside of the capability or budget of all but the most well-funded and skilled organisations. Finding a new vulnerability in a targeted system can take weeks or months. Plus, as mentioned above, a single vulnerability is rarely enough on its own.

Other Factors

There are some other factors related to vulnerabilities that aren't often considered but can dramatically increase or decrease the efficacy of a single vulnerability. One factor that dramatically increases the danger a vulnerability poses is whether the exploit is wormable, meaning it can spread from host to host without any user interaction. The best-known recent examples are the various SMB vulnerabilities, such as BlueKeep and the more recent SMB bugs.
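Because a wormable exploit spreads by having one compromised host open connections to many others, the defender-side signal is connection fan-out. The following is an added example, not code from the original post: a small detector that flags any source IP contacting an unusually high number of distinct hosts on the SMB port (445) within a sliding time window. The log format, the threshold and the sample entries are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (assumed format, not from the original post):
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2020-03-12T10:00:01 10.0.0.5 -> 10.0.0.20:445
2020-03-12T10:00:02 10.0.0.5 -> 10.0.0.21:445
2020-03-12T10:00:02 10.0.0.5 -> 10.0.0.22:445
2020-03-12T10:00:03 10.0.0.5 -> 10.0.0.23:445
2020-03-12T10:00:04 10.0.0.5 -> 10.0.0.24:445
2020-03-12T10:00:05 10.0.0.5 -> 10.0.0.25:445
2020-03-12T10:00:30 10.0.0.7 -> 10.0.0.9:445
2020-03-12T10:05:00 10.0.0.7 -> 10.0.0.9:445
2020-03-12T10:05:01 10.0.0.8 -> 10.0.0.30:443
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, _, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port)


def find_fanout(log_text, port=445, window=timedelta(seconds=60), threshold=5):
    """Return {src_ip: peak distinct targets seen within any `window`} for every
    source whose peak reaches `threshold`. A host repeatedly talking to the
    same file server has a peak of 1 and is not flagged; a worm scanning
    neighbours racks up many distinct targets in seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, dst_port = parse_line(line)
        if dst_port == port:
            events[src].append((ts, dst_ip))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            alerts[src] = peak
    return alerts
```

In the sample data, 10.0.0.5 reaches six distinct SMB targets in four seconds and is flagged, while 10.0.0.7 (one repeated target) and 10.0.0.8 (a non-SMB port) are not.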
