Vulnerabilities
Zero-Day Vulnerability
Also known as: 0-day vulnerability, Zero-day flaw
Definition
A security flaw that is unknown to the vendor (or for which no patch yet exists) at the moment it is discovered or exploited.
Examples
- Stuxnet leveraged multiple Windows zero-days against Iranian centrifuges.
- CVE-2023-23397 — Outlook NTLM zero-day exploited by Russia-linked APT28.
Related terms
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
Zero-Day Exploit
Working exploit code for a vulnerability that the vendor does not yet know about, or for which no patch is available — extremely valuable to attackers.
N-Day Vulnerability
A publicly disclosed vulnerability for which a patch already exists, but which remains exploitable on systems that have not yet been updated.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
Advanced Persistent Threat (APT)
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.