
Zero-day vulnerability


What is a zero-day vulnerability?

A computer vulnerability is a weakness or error in the code of a device or piece of software. Through continual testing, developers try to find bugs in their code and release updates that remediate them.

A zero-day vulnerability is a vulnerability for which no patch is yet available. It is called a zero-day because the developer has had zero days to implement a fix for it.


What is a zero-day vulnerability exploit?

A zero-day vulnerability exploit occurs when a threat actor discovers a way to take advantage of a zero-day vulnerability for malicious ends. Even once a developer becomes aware of a vulnerability, building and releasing a working patch takes time, which gives adversaries a window in which to exploit the known defect.


Can a vulnerability scanner or antivirus detect a zero-day?

One thing that makes zero days especially dangerous is that vulnerability scanners and antivirus can't detect them. Those tools rely on knowledge of known vulnerabilities, harmful files, and bad behaviors. As explained above, a zero-day vulnerability is new and not yet patched by the developer, so vulnerability scanners and antivirus will not detect it.


How do you prevent a zero-day vulnerability attack?

Traditional reactive security tools such as EDR and antivirus/anti-malware can't prevent zero-day cyberattacks. These attacks are best combated with proactive security techniques. It is essential to keep all software and firmware in an environment up to date with security patches, since patches are the developer's way of fixing potentially exploitable errors, but threat actors can still discover zero-day vulnerabilities for which no patch exists.

Allowlisting, such as ThreatLocker Allowlisting, operates on a Zero Trust default-deny philosophy and blocks every application, library, and script not contained in the allowlist. Should a zero-day vulnerability be exploited, malware and ransomware would be unable to run because they are not on the allowlist.

Ringfencing provides boundaries around permitted applications to prevent them from interacting with the registry, the internet, protected files, and other applications, including powerful built-in Windows tools such as PowerShell, CMD, and Regsvr32, which are commonly abused in cyberattacks. If a permitted application with a zero-day vulnerability were exploited, the attack would be unable to progress past the Ringfencing™ barriers, stopping it or limiting the damage it can do.
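The two controls described above (allowlisting and Ringfencing), as a toy policy model added here that is not ThreatLocker's own code or policy format: a default-deny allowlist decides what may execute at all, and a per-application ringfence decides what a permitted application may launch or touch. The application names, resource classes, and the event sequence of an exploited allowlisted application are constructed assumptions.

```python
from dataclasses import dataclass

# Applications permitted to run at all. Anything absent is denied by default.
ALLOWLIST = {"word.exe", "outlook.exe", "powershell.exe"}

# Ringfence: the resource classes each permitted application may touch.
# "app:<name>" means it may launch that application. powershell.exe stays
# allowlisted for administrators but is fenced off from the other applications.
RINGFENCE = {
    "word.exe": {"protected_files"},
    "outlook.exe": {"internet", "app:word.exe"},
    "powershell.exe": {"registry", "internet", "protected_files"},
}

@dataclass
class Event:
    actor: "str | None"  # process attempting the action; None for a user launch
    action: str          # "execute" (start a program) or "access" (touch a resource)
    target: str          # program name, or a resource class such as "internet"

def evaluate(event):
    """Decide one event under default deny: only explicitly permitted actions pass."""
    fence = RINGFENCE.get(event.actor, set())
    if event.action == "execute":
        if event.target not in ALLOWLIST:
            return "BLOCK", f"{event.target} is not on the allowlist"
        if event.actor is not None and f"app:{event.target}" not in fence:
            return "BLOCK", f"{event.actor} is ringfenced from launching {event.target}"
        return "ALLOW", f"{event.target} is allowlisted"
    if event.action == "access":
        if event.target not in fence:
            return "BLOCK", f"{event.actor} is ringfenced from {event.target}"
        return "ALLOW", f"{event.actor} may use {event.target}"
    return "BLOCK", f"unknown action {event.action!r}"

def simulate(events):
    """Return the decision for each event, in order."""
    return [evaluate(e)[0] for e in events]

# Constructed scenario: word.exe is allowlisted, but a zero-day in it has been
# exploited, so the attacker's actions now carry word.exe's identity.
COMPROMISED_APP_EVENTS = [
    Event(None, "execute", "word.exe"),               # user opens Word: ALLOW
    Event("word.exe", "access", "protected_files"),   # normal document work: ALLOW
    Event("word.exe", "execute", "dropper.exe"),      # unknown payload: BLOCK (allowlist)
    Event("word.exe", "execute", "powershell.exe"),   # allowlisted tool: BLOCK (ringfence)
    Event("word.exe", "access", "internet"),          # outbound connection: BLOCK (ringfence)
    Event("word.exe", "access", "registry"),          # persistence write: BLOCK (ringfence)
]
```

Calling `simulate(COMPROMISED_APP_EVENTS)` shows the exploited application retaining only the single resource class its ringfence grants, which is the containment effect the paragraphs above describe.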
