IronSights

Threats & attacks

Zero-day vulnerability

A software vulnerability that is unknown to the vendor or has no patch available, leaving systems exposed to exploitation with no vendor-supplied defence.

Also known aszero-day0-dayzero day exploit

In plain English

A zero-day is a security flaw that the software maker doesn't know about yet — so there's no patch available. Attackers who discover or buy zero-days have a window to exploit them freely until the vendor becomes aware and releases a fix. This is why rapid patch deployment (an Essential Eight control) is so critical once patches do become available.

Full definition

Most attacks rely on known vulnerabilities with available patches. Zero-days are different. The vendor doesn't know the flaw exists, so there's nothing to patch. When a zero-day is actively exploited, defenders are working without a net.

They're also genuinely rare in the wild. Nation-state groups and sophisticated criminal organisations trade them because they're hard to find and expensive to burn. The 2021 Microsoft Exchange Server zero-days, known as ProxyLogon, were a sharp illustration: tens of thousands of organisations worldwide were compromised before a patch was available, including Australian government agencies. The issued an emergency advisory within hours of public disclosure.

How you limit the damage

You can't patch what doesn't have a patch yet. What you can control is how much damage an attacker can do if they get through. stops . Least-privilege access limits what an attacker can reach from a compromised account. tools can flag unusual behaviour even when the attack method is new. A zero-day landing in a well-segmented, well-monitored environment causes far less damage than the same exploit hitting a flat network with no visibility.

  • Segment your network so a compromised endpoint can't reach your finance systems directly
  • Apply least-privilege access so have limited reach
  • Deploy EDR across all endpoints to catch abnormal behaviour patterns
  • Maintain offline or immutable backups so delivered via a zero-day can't destroy your recovery options

Keep learning

More terms in the IronSights Glossary.