Attacks

Zero-day vulnerability

What is a zero-day vulnerability?

A zero-day vulnerability is a flaw in software for which the vendor has no update available yet. When it is exploited before a fix exists, the event is called a zero-day attack. The name refers to the zero days the vendor had to correct the flaw.

For a business without an IT department, the timeline matters most. While the flaw remains unknown, there is little you can aim at. As soon as the vendor publishes an update, the flaw is publicly described and hunted by many attackers, because they now know what to look for. The most dangerous window for your business therefore lies between the release of the update and the day you install it. That window is the one you can shorten yourself.

When a warning arrives, from the vendor, from CERT.at, from the Onlinesicherheit initiative or through the press, one plain question comes first: does this affect software we actually use? Only an IT inventory answers it, meaning a list of the systems, programs and version levels in use, together with a note of which services are reachable from the internet. Without that list, every warning stays inconsequential, because nobody can translate it into your own environment.

While no update exists, vendors frequently publish a workaround. Typical steps include switching off the affected function, restricting access to the internal network or to VPN users, meaning the encrypted connection into the company network, and increasing the level of logging. Once the update appears, it is installed promptly. A check follows to establish whether the system had already been attacked beforehand. Indicators include new user accounts, altered files and outbound connections to unfamiliar destinations.

Damage limitation rests on measures that work regardless of which flaw was used. A segmented network, meaning a network divided into separate zones, stops a compromised server from opening the way to accounting and production. Tight permissions limit the reach. Behavioural detection on the devices reports unusual activity even when the route of attack is new. Verified backups restore the business. The IT Check records which systems are reachable from the internet, how current your patch levels are and whether a fixed procedure exists for handling security warnings.

All terms in the knowledge base

From the term to practice

Where does your business actually stand?

The IT Check reviews your IT across 8 audit areas with more than 100 individual checks and delivers documented findings with a prioritised action plan. From 1,299 € excl. VAT. The first call takes 20 minutes and carries no charge.

Book a first call