Here’s What You Need to Know About Zero-Day Vulnerabilities

Zero-day vulnerabilities pop-up in the news fairly frequently—especially if you follow cybersecurity news. But the name alone doesn’t tell you much, despite the fact that these vulnerabilities are extremely dangerous.

When you read an article in the news (or in this newsletter) that talks about a company like Microsoft patching a zero-day vulnerability, it doesn’t necessarily refer to the threat itself in any meaningful way. “Zero-day” isn’t used to denote a security flaw that is as severe as they come. In fact, security researchers usually label severe vulnerabilities as “critical” in those cases.

However, you’ll often see zero-days labeled as critical because of what they are. In short, zero-days are vulnerabilities with exploits developers or researchers were not aware of until now. That’s bad news, because software developers always want to be the first to find a flaw in their software. If they see something wrong before anyone else, they can quietly work on a fix and issue a patch to their users with no one the wiser. However, a zero-day means someone outside the circle of trust knew about the flaw, threatening the user base.

When software developers discover a zero-day, either through their own research or through third-party discoveries, they jump into action, and race to develop a patch as soon as possible. In some cases, it isn’t clear whether bad actors have used an exploit to attack users of the software through the security flaw. In other cases, it’s apparent, in which case the zero-day is referred to as “actively exploited.” An actively exploited zero-day is the worst, because there are bad actors actively targeting customers, in which case a patch is required ASAP.

It’s essential to download and install any security patches as soon as they come in. However, in the event of a zero-day, it’s imperative. Installing a patch that fixes a zero-day flaw can mean the difference between your system being attacked and your system being protected.