What is a Zero-Day?
A zero-day vulnerability is a software flaw that is unknown to the vendor or developers responsible for fixing it. "Zero-day" refers to the fact that the developers have had zero days to fix the problem, because they do not yet know it exists.
Zero-day timeline:
[DAY 0] Vulnerability discovered by attacker
[DAY ?] Exploit developed and used in attacks
[DAY ?] Vulnerability discovered by vendor
[DAY ?] Patch released to users
Why Zero-Days Are Dangerous
- No patch available - The flaw cannot be fixed until the vendor learns of it
- Antivirus won't detect it - Signature-based tools have no signature for an unknown attack
- High-value targets - Used against governments and corporations
- Expensive - Sold for $100K-$2M+ on the black market
Nation-State Weapons
Zero-days are stockpiled by intelligence agencies. Stuxnet used four zero-days. WannaCry exploited an NSA zero-day (EternalBlue) that had been leaked.
How to Minimize Risk
You can't prevent zero-days, but you can reduce your exposure to them:
- Update immediately when patches are released
- Reduce the attack surface - Remove unused software
- Use sandboxing - Isolate high-risk applications
- Network segmentation - Limit how far a breach can spread
- Behavior-based detection - EDR/XDR solutions that watch what processes do rather than what they look like
- Principle of least privilege - Limit user permissions
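The behavior-based detection point above is the one that can catch an exploit nobody has a signature for yet: instead of matching the exploit, you watch for things a legitimate program almost never does. The script below is an added example (not code from the original page or from any EDR product) that runs two such rules over a small constructed process-creation log: a document handler spawning a command interpreter, and any executable launched from a user-writable temp or downloads directory. The log format, the process names in the rule sets, and the rule names are assumptions chosen for the example.

```python
"""Behavior-based detection sketch over constructed endpoint telemetry.

Each log line is 'timestamp|user|parent_image|child_image|command_line'.
This format, the sample lines, and the rule sets are assumptions for this
example; a real EDR has its own schema and far richer rules.
"""
from dataclasses import dataclass

# Applications that routinely open untrusted content and should practically
# never start a command interpreter (assumed rule set).
CONTENT_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}
# Path fragments that indicate a user-writable staging location (assumed).
USER_WRITABLE = ("\\temp\\", "\\downloads\\")


@dataclass
class ProcessEvent:
    ts: str
    user: str
    parent: str      # basename of the parent process, lower-cased
    child_path: str  # full image path of the new process, lower-cased
    child: str       # basename of the new process, lower-cased
    cmdline: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed telemetry line into a ProcessEvent."""
    ts, user, parent, child_path, cmdline = line.split("|", 4)
    child_path = child_path.lower()
    return ProcessEvent(
        ts=ts,
        user=user,
        parent=parent.rsplit("\\", 1)[-1].lower(),
        child_path=child_path,
        child=child_path.rsplit("\\", 1)[-1],
        cmdline=cmdline,
    )


def evaluate(event: ProcessEvent) -> list:
    """Return the names of every behavior rule this event matches."""
    reasons = []
    # Rule 1: a content handler launched a command interpreter.
    if event.parent in CONTENT_HANDLERS and event.child in INTERPRETERS:
        reasons.append("content-handler-spawned-interpreter")
    # Rule 2: the new process runs from a user-writable staging directory.
    if any(fragment in event.child_path for fragment in USER_WRITABLE):
        reasons.append("execution-from-user-writable-path")
    return reasons


def detect(lines) -> list:
    """Run all rules over the log and return (timestamp, user, reason) alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = parse_event(line)
        for reason in evaluate(event):
            alerts.append((event.ts, event.user, reason))
    return alerts


# Constructed sample telemetry: five process launches on two workstations.
SAMPLE_LOG = r"""
2024-03-01T09:00:01|alice|explorer.exe|C:\Program Files\Microsoft Office\winword.exe|winword.exe report.docx
2024-03-01T09:00:07|alice|winword.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami
2024-03-01T09:01:30|bob|explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe notes.txt
2024-03-01T09:02:12|alice|explorer.exe|C:\Users\alice\AppData\Local\Temp\update.exe|update.exe
2024-03-01T09:03:00|svc|services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs
"""

if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts} user={user} alert={reason}")
```

Neither rule knows anything about the exploit that might have produced these events; they fire on the behavior itself, which is why this style of detection still has a chance against an unknown vulnerability. The cost is tuning: the rules above will also fire on legitimate macros and on installers that unpack into a temp directory, so in practice each rule carries an allowlist maintained from the environment's own baseline.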
Notable Zero-Days
| Name | Year | Target |
|---|---|---|
| Stuxnet | 2010 | Iranian nuclear facilities |
| EternalBlue | 2017 | Windows SMB (WannaCry) |
| Log4Shell | 2021 | Apache Log4j |
| Pegasus | 2016-2021 | iOS/Android (NSO Group) |