What is a zero-day vulnerability?

Find out what a zero-day vulnerability is and whether there’s anything you can do to protect yourself against one.


Chances are pretty good you’ve heard the term zero-day vulnerability. The term conjures up images of post-apocalyptic landscapes, where technology has either hit a singularity-level madness, or has reverted to the days of CRT monitors and green screens. Max Headroom has returned and sand is the new currency.

Or not.

Truth be told, zero day is not even remotely as ominous. It is, however, quite serious. In fact, of all the known vulnerabilities, zero day can often pose the most risk. Why? The reason is in the very definition.


What are zero-day vulnerabilities?

A zero-day vulnerability is a flaw in a piece of software that is unknown to the programmer(s) or vendor(s) responsible for the application(s). Because the vulnerability isn’t known, there is no patch available.

In other words, the vulnerability has been discovered by someone who isn’t directly involved with a project. The term zero day refers to the days between the time the vulnerability was discovered and the first attack against it. After a zero-day vulnerability has been made public, it is then referred to as an n-day vulnerability.

Here’s how the zero-day timeline works:

  1. A person or company creates a piece of software that includes a vulnerability that is unknown to those involved with programming or distribution.
  2. Someone (outside of those responsible for the software) discovers the vulnerability before a developer has a chance to locate or fix the problem.
  3. The person who discovers the vulnerability creates malicious code to exploit the vulnerability.
  4. The exploit is released.
  5. Those responsible are informed of the exploit and patch their software.
  6. The vulnerability…