{"id":54999,"date":"2022-11-15T20:05:50","date_gmt":"2022-11-15T16:05:50","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=54999"},"modified":"2024-01-11T15:23:15","modified_gmt":"2024-01-11T11:23:15","slug":"what-is-a-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/what-is-a-zero-day-vulnerability\/","title":{"rendered":"What Is a Zero-Day Vulnerability?"},"content":{"rendered":"<p>A zero-day vulnerability is a security flaw in an operating system, application, or device that typically has been identified by threat actors, may or may not have been disclosed to or by the software vendor that created the software with the flaw, and has not yet been patched.<!--more--><\/p>\n<p>In some cases, the term \u201czero-day vulnerability\u201d gets confused with related terms that have different meanings, including:<\/p>\n<ul>\n<li><strong>Zero-day exploit<\/strong> \u2013 this is a method or technique used by attackers to take advantage of the zero-day vulnerability for initial access, elevated privileges, discovery, or data exfiltration.<\/li>\n<li><strong>Zero-day attack<\/strong> \u2013 this refers to an overarching attack that involves using the zero-day exploit.<\/li>\n<\/ul>\n<p>For example, last year, Internet-facing Microsoft Exchange servers were the target of an attack by the threat group Hafnium. 
<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/\" target=\"_blank\" rel=\"noopener noreferrer\">According to Microsoft<\/a>, the group took advantage of four zero-day vulnerabilities:<\/p>\n<ul>\n<li>A <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener noreferrer\">server-side request forgery (SSRF) vulnerability<\/a> in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.<\/li>\n<li>An <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26857\" target=\"_blank\" rel=\"noopener noreferrer\">insecure deserialization vulnerability<\/a> in the Unified Messaging service, allowing Hafnium to run code as SYSTEM on the Exchange server.<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26858\" target=\"_blank\" rel=\"noopener noreferrer\">Two post-authentication arbitrary file write vulnerabilities<\/a> in Exchange, allowing Hafnium to write a file to any path on the server.<\/li>\n<\/ul>\n<p id=\"last\">The four vulnerabilities are the zero-day vulnerabilities, Hafnium\u2019s methods of taking advantage of these are the zero-day exploits, and the Hafnium attack overall is a zero-day attack.<\/p>\n<h2>Why Be Concerned About Zero-Day Vulnerabilities?<\/h2>\n<p>Zero-day vulnerabilities have been around as long as there have been modern-day computers. The issue isn\u2019t the presence of the vulnerability, but the existence of threat actors intent on discovering and misusing these vulnerabilities as part of cyberattacks. Modern-day <a href=\"https:\/\/www.msp360.com\/resources\/blog\/how-ransomware-gangs-are-recruiting-insiders\/\">ransomware gangs<\/a> are now soliciting <a href=\"https:\/\/www.digitalshadows.com\/blog-and-research\/vulnerability-intelligence-whats-the-word-in-dark-web-forums\/\" target=\"_blank\" rel=\"noopener noreferrer\">zero-day exploits from the dark web<\/a> to the tune of millions of dollars \u2013 turning the finding of zero-day vulnerabilities into a viable business practice.<\/p>\n<p>So, why should MSPs be concerned?<\/p>\n<p>Think about the problem these vulnerabilities create: a zero-day exploit that takes advantage of a zero-day vulnerability uses a specific method that has never been seen before. 
Assuming you have some form of endpoint security in place, depending on how the solution detects malicious code and\/or behaviors, a zero-day exploit may run undetected, giving the threat actor stealthy access.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/resources\/blog\/why-dark-web-monitoring-should-be-top-of-mind-for-msps\/\" target=\"_blank\" rel=\"noopener\">Why Dark Web Monitoring Should Be Top of Mind for MSPs<\/a><\/p>\n<h2>Addressing Zero-Day Vulnerabilities<\/h2>\n<p>While, at first glance, logic would dictate that you can\u2019t protect against a threat no one is aware of, the first way to deal with a zero-day vulnerability is to continually check with the vendor for a patch or workaround to secure the system or application.<\/p>\n<p>In the case of zero-day vulnerabilities on endpoints (those that exist within the operating system, services, or applications), it\u2019s necessary for MSPs to take advantage of security solutions that do not require threat intelligence updates to identify a zero-day exploit that hasn\u2019t been seen before\u2026 ever.<\/p>\n<p>Deep Learning-based detection on the endpoint gives the MSP and its customers the ability to identify not only when code is malicious, but also specifically which parts are malicious, ensuring that evasion and obfuscation techniques designed to keep malicious code from being detected are useless.<\/p>\n<p>By updating systems as quickly as possible, as well as by putting <a href=\"https:\/\/www.msp360.com\/solutions\/endpoint-prevention-and-protection\/\">Deep Learning-based endpoint protection<\/a> in place, MSPs can proactively protect their customers\u2019 environments against zero-day vulnerabilities with a high efficacy rate.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A zero-day vulnerability is a security flaw in an 
operating system, application, or device that typically has been identified by threat actors, may or may not have been disclosed to or by the software vendor that created the software with the flaw, and has not yet been patched.<\/p>\n","protected":false},"author":85,"featured_media":55000,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,884],"tags":[],"class_list":["post-54999","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-articles","category-msp-business-articles"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/54999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/85"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=54999"}],"version-history":[{"count":8,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/54999\/revisions"}],"predecessor-version":[{"id":57454,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/54999\/revisions\/57454"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media\/55000"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=54999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=54999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=54999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}