Zero-day vulnerabilities are flaws in software that are unknown to the software vendor, and therefore unpatched, and unknown to antivirus vendors, so no signature exists for attacks that use them. Because they are unknown, they are very hard to anticipate and plan against. There are, however, steps that reduce the impact of an attack that exploits one.
What are Zero-day vulnerabilities?
Antivirus software, at its core, is a database of signatures for known malware that runs continuously on a machine and checks whether any file on it matches an entry in that database. Modern products add heuristic and behavioural detection on top of signature matching, but the signature database is still the foundation.
A zero-day vulnerability is a flaw the vendor does not yet know about, so no patch exists for it and no antivirus signature covers an exploit for it. The name refers to the vendor having had zero days to fix it. An attacker who discovers such a flaw can exploit it, sometimes for a long time, before anyone detects the attack.
Zero-day vulnerability example
One of the larger recent examples was Log4Shell (CVE-2021-44228) in the Apache Log4j logging library. Log4j resolved lookup expressions of the form ${jndi:ldap://...} inside the strings it logged, so any attacker-controlled value that reached a log message (a User-Agent header, a username, a search query) could make the server connect to an attacker-run LDAP or other JNDI server, fetch a Java class from it and execute it. The result was remote code execution on the affected host, and with it access to whatever sensitive data that host could reach.
It has been described as one of the most severe vulnerabilities in the history of the internet, because Log4j is embedded in an enormous number of Java applications and the exploit required nothing more than getting a crafted string logged.
How to mitigate Zero-day vulnerabilities
As the name suggests, there is no perfect way to protect against zero-day vulnerabilities, but there are actions that limit the damage. Below are several practices that help reduce the severity of an attack.
Patch Promptly
Deploying patches as soon as they are released for newly discovered vulnerabilities is a strong practice. It cannot protect you during the window before the vendor knows about the flaw, but once a fix exists the flaw is public, and every day the fix goes undeployed is a day attackers can use it. Keeping an inventory of which software versions run on which systems lets you tell quickly what a new advisory affects and where the patch is due.
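As an added example (not code from the original post), the check below maps a constructed inventory of hosts and installed Log4j versions against the first version that fixed CVE-2021-44228, 2.15.0 per the Apache advisory. The host names and versions are made up; the fixed version is treated as a parameter, because follow-up advisories raised the recommended version and the current value should be taken from the advisory. The point the code makes is that versions must be compared numerically: a plain string comparison puts 2.10.0 before 2.9.0 and gets the answer wrong.

```python
import re

# Constructed inventory of (host, installed Log4j version); not real hosts.
INVENTORY = [
    ("web-01", "2.14.1"),
    ("web-02", "2.15.0"),
    ("batch-03", "2.9.1"),
    ("api-04", "2.17.1"),
    ("legacy-05", "2.10.0"),
]

# First version that fixed CVE-2021-44228 per the Apache advisory. Later
# advisories for follow-up CVEs raised the recommended version, so treat this
# as a parameter and take the current value from the advisory.
FIXED_FOR_CVE_2021_44228 = "2.15.0"


def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into (2, 14, 1). Comparing the raw strings instead would
    sort '2.10.0' before '2.9.0' and misclassify hosts."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def needs_patch(installed: str, fixed: str) -> bool:
    """True when the installed version is older than the first fixed version."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    # Pad with zeros so '2.15' and '2.15.0' compare as equal.
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def triage(inventory, fixed: str):
    """Hosts still below the fixed version, oldest version first."""
    due = [(host, ver) for host, ver in inventory if needs_patch(ver, fixed)]
    return sorted(due, key=lambda hv: parse_version(hv[1]))


if __name__ == "__main__":
    for host, ver in triage(INVENTORY, FIXED_FOR_CVE_2021_44228):
        print(f"{host}: {ver} is below {FIXED_FOR_CVE_2021_44228}, patch required")
```

In practice the inventory comes from a package manager, a software bill of materials or an agent rather than a hard-coded list, but the comparison logic is the same.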
Sanitize and Validate Inputs
In our previous post titled Common Types of CyberAttacks, we touched upon Cross-Site Scripting (XSS) attacks, which are executed through web application inputs. It is a best practice to validate every input against what it is expected to contain and to escape it for the context in which it is rendered, so that a script cannot be injected into the page. If an attacker can get a script to run in another user's browser, they can often steal that user's session or act on their behalf, and through that reach sensitive data the application holds.
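The following is an added example, not code from the original post, showing the difference between validating and escaping in a small comment-rendering function. The username field has a known shape, so it is checked against an allowlist pattern; the comment body is free text, so it is HTML-escaped for the context it lands in; the link is both validated (escaping does nothing against a javascript: URL in an href, so the scheme must be checked) and escaped (validation alone does not stop a value from closing the attribute it sits in). The function names and the sample payloads are constructed for the example.

```python
import html
import re
from urllib.parse import urlparse

# Allowlist for a username field: the shape is known, so reject anything else.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
SAFE_URL_SCHEMES = {"http", "https"}


def validate_username(name: str) -> bool:
    return USERNAME_RE.fullmatch(name) is not None


def validate_link(url: str) -> bool:
    """Escaping does not neutralise 'javascript:' inside an href, so the
    scheme has to be checked explicitly."""
    parsed = urlparse(url.strip())
    return parsed.scheme.lower() in SAFE_URL_SCHEMES and bool(parsed.netloc)


def render_comment_unsafe(author: str, body: str, link: str) -> str:
    """Vulnerable: user-supplied values are concatenated straight into HTML."""
    return f'<p><a href="{link}">{author}</a>: {body}</p>'


def render_comment_safe(author: str, body: str, link: str) -> str:
    """Validate what has a known shape, then escape everything for the context
    it is rendered in. quote=True also escapes quotes, so a value cannot close
    the attribute it sits in."""
    if not validate_username(author):
        raise ValueError("username does not match the allowed pattern")
    if not validate_link(link):
        raise ValueError("link must be an http(s) URL")
    return (
        f'<p><a href="{html.escape(link, quote=True)}">'
        f'{html.escape(author, quote=True)}</a>: '
        f'{html.escape(body, quote=True)}</p>'
    )


if __name__ == "__main__":
    # Constructed inputs an attacker might submit through a comment form.
    payloads = [
        ("alice", "<script>alert(document.cookie)</script>", "https://example.com/"),
        ("alice", "hello", 'https://example.com/" onmouseover="alert(1)'),
    ]
    for author, body, link in payloads:
        print("unsafe:", render_comment_unsafe(author, body, link))
        print("safe:  ", render_comment_safe(author, body, link))
```

The second payload passes the URL validation (it is an https URL with a host) and is only neutralised by the escaping, while a javascript: link passes the escaping untouched and is only stopped by the validation; both checks are needed.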
Run Exploit Detection Software
Running software that scans for exploits can help against zero-day exploits that resemble known ones. Signature matching misses a genuinely new exploit by definition, but detection based on behaviour and on the shape of an attack (an application server suddenly making an outbound LDAP connection, or a known attack pattern written in a slightly different way) can sometimes catch an attack before a signature for it exists.