Zero-Day Vulnerability

What is a zero-day vulnerability?

A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit.

Because they were discovered before security researchers and software developers became aware of them—and before they can issue a patch—zero-day vulnerabilities pose a higher risk to users for the following reasons:

  • Cybercriminals race to exploit these vulnerabilities to cash in on their schemes
  • Vulnerable systems are exposed until a patch is issued by the vendor.

Zero-day vulnerabilities are typically involved in targeted attacks; however, many campaigns still use old vulnerabilities.

Related terms : Exploit, Zero-day exploit, vulnerability

Related papers/primers :

Related infographics : Dodging a Compromise: A Peek at Exposure Gaps

Products : Trend Micro™ Vulnerability Protection, Trend Micro™ Deep Security