A vulnerability is called a “Zero-Day” when attackers learn of it before the vendor and the security teams running the affected software know about it or have a fix they can deploy: the defenders have had zero days to respond.

At its core, a zero-day vulnerability is a bug: a previously unknown security flaw in software or hardware that can be exploited, often with serious consequences, long before anybody notices that anything is amiss.

It’s important to keep three related terms apart:

  • A Zero-Day Vulnerability is the undisclosed security flaw or software defect itself, which a threat actor may exploit with malicious code.
  • A Zero-Day Exploit is the technique or code a hostile actor uses to take advantage of that vulnerability and attack a system.
  • A Zero-Day Attack is the use of such an exploit, or of malware carrying it, against targets before the developer of the software has released a fix.

Some Zero-Day Case Studies

Here are just a few vulnerabilities that have been identified in recent years:

Kaseya VSA

Kaseya VSA, remote monitoring and management software used by managed service providers to administer their customers’ infrastructure, was compromised on Friday, July 2, 2021. According to Kaseya’s public statement, REvil ransomware operators used zero-day vulnerabilities in VSA to push a malicious update, compromising fewer than 60 Kaseya customers directly and fewer than 1,500 downstream organizations.

SonicWall VPN Security Vulnerability

SonicWall SMA (Secure Mobile Access) appliances are affected by a zero-day vulnerability, CVE-2021-20016, disclosed on February 4, 2021, by SonicWall’s Product Security Incident Response Team (PSIRT). According to SonicWall, the SMA 100 series is affected and devices running 10.x firmware must be upgraded. Whether, and how, the exploit affects older SRA VPN appliances still running in production had not yet been determined, according to SonicWall.

NTLM Relay to the MSRPC Printer Spooler Interface (CVE-2021-1678)

CVE-2021-1678, a critical vulnerability identified by CrowdStrike® researchers, was patched by Microsoft on Patch Tuesday, January 12, 2021. It allows an attacker to relay captured NTLM authentication sessions to a targeted machine’s printer spooler MSRPC interface and, through that interface, execute code remotely on the machine.


Microsoft ZeroLogon

Microsoft published a security update on August 11, 2020, fixing a serious vulnerability in the Netlogon protocol (CVE-2020-1472) discovered by Secura researchers. Despite its maximum CVSS score of 10.0, the CVE attracted little attention at the time because no technical details were published with the update.

An unauthenticated attacker with network access to a domain controller can exploit it to establish a vulnerable Netlogon session and ultimately take over the domain. The vulnerability is particularly serious because that network connection to a domain controller is the only prerequisite for a successful exploit: no credentials are required.
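The following Python detection logic is an added example, not code from the original article, from Secura or from Microsoft. It runs two Zerologon indicators over constructed sample Windows event records from a domain controller: a computer-account change (Security event 4742) performed by ANONYMOUS LOGON, which is what the exploit’s password reset looks like in the log, and System event 5829, which the August 2020 update logs when a vulnerable Netlogon secure channel is still allowed. The sample events, host names and the simplified field names used for 5829 are assumptions made for this example.

```python
"""Zerologon (CVE-2020-1472) exploitation detection over sample event records.

Added example, not code from the original article or from Secura/Microsoft.
It correlates two signals a domain controller logs:
  * Security event 4742 ("A computer account was changed") whose subject is
    ANONYMOUS LOGON (SID S-1-5-7): the exploit resets a machine-account
    password without ever authenticating, so an anonymous subject changing
    a DC's own computer account is the strongest indicator.
  * System event 5829 from NETLOGON: logged when a vulnerable Netlogon secure
    channel connection is still allowed (enforcement mode not yet on).
The event records are constructed; 4742 field names follow the Windows XML
view, the 5829 field names are simplified for this example.
"""
from dataclasses import dataclass

ANONYMOUS_LOGON_SID = "S-1-5-7"


@dataclass(frozen=True)
class Event:
    channel: str    # "Security" or "System"
    event_id: int
    computer: str   # host that recorded the event
    data: dict      # EventData fields


def is_dc_account(sam_name: str, dc_accounts) -> bool:
    """Match a computer account (with or without the trailing $) against the DC list."""
    def norm(s):
        return s.rstrip("$").upper()
    return norm(sam_name) in {norm(d) for d in dc_accounts}


def detect_zerologon(events, dc_accounts):
    """Return (severity, computer, message) tuples for suspicious events."""
    alerts = []
    for ev in events:
        d = ev.data
        if ev.channel == "Security" and ev.event_id == 4742:
            if d.get("SubjectUserSid") != ANONYMOUS_LOGON_SID:
                continue  # ordinary changes by authenticated admins or systems
            target = d.get("TargetUserName", "")
            if is_dc_account(target, dc_accounts):
                alerts.append(("critical", ev.computer,
                               f"4742: DC computer account {target} changed by ANONYMOUS LOGON "
                               f"(PasswordLastSet={d.get('PasswordLastSet')})"))
            else:
                alerts.append(("high", ev.computer,
                               f"4742: computer account {target} changed by ANONYMOUS LOGON"))
        elif ev.channel == "System" and ev.event_id == 5829:
            alerts.append(("medium", ev.computer,
                           f"5829: vulnerable Netlogon secure channel allowed for "
                           f"{d.get('SamAccountName')} ({d.get('MachineOperatingSystem')})"))
    return alerts


# Constructed sample events: one benign change, one exploitation signature,
# one legacy client still on an insecure channel, one anonymous change of a
# non-DC account.
SAMPLE_EVENTS = [
    Event("Security", 4742, "DC01", {"SubjectUserSid": "S-1-5-21-1111-2222-3333-500",
                                     "SubjectUserName": "Administrator",
                                     "TargetUserName": "WS042$",
                                     "PasswordLastSet": "-"}),
    Event("Security", 4742, "DC01", {"SubjectUserSid": ANONYMOUS_LOGON_SID,
                                     "SubjectUserName": "ANONYMOUS LOGON",
                                     "TargetUserName": "DC01$",
                                     "PasswordLastSet": "9/14/2020 10:02:17 AM"}),
    Event("System", 5829, "DC01", {"SamAccountName": "LEGACY-NAS$",
                                   "MachineOperatingSystem": "Unknown"}),
    Event("Security", 4742, "DC02", {"SubjectUserSid": ANONYMOUS_LOGON_SID,
                                     "SubjectUserName": "ANONYMOUS LOGON",
                                     "TargetUserName": "WS007$",
                                     "PasswordLastSet": "9/14/2020 10:05:40 AM"}),
]
DC_ACCOUNTS = ["DC01$", "DC02$"]


def run_sample():
    return detect_zerologon(SAMPLE_EVENTS, DC_ACCOUNTS)


if __name__ == "__main__":
    for sev, host, msg in run_sample():
        print(f"[{sev.upper():8}] {host}: {msg}")
```

The 4742 check is the one worth paging on: a legitimate machine-account password rotation is performed by the computer itself or by an administrator, never by an anonymous subject. Event 5829 is noisier (it also fires for genuinely old clients), so it is better used to find devices that will break when Netlogon secure RPC enforcement is switched on.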

NTLM Critical Security Vulnerability

On Patch Tuesday in June 2019, Microsoft released fixes for two vulnerabilities identified by Preempt (now part of CrowdStrike) researchers, CVE-2019-1040 and CVE-2019-1019. Between them they cover three logical flaws in NTLM, Microsoft’s proprietary authentication protocol, and Preempt’s researchers used them to bypass all of NTLM’s major relay protections.

These flaws allow attackers to run malicious code remotely on any Windows machine, or to authenticate to any HTTP server that accepts Windows Integrated Authentication (WIA), including AD FS and Exchange. Every version of Windows without the patch applied is vulnerable.

Stuxnet Worm

One of the best-known zero-day attacks is the Stuxnet worm, which is reported to have seriously damaged Iran’s nuclear program. The worm exploited four separate zero-day vulnerabilities in Microsoft Windows.

How to Shield Your Company From Zero-Day Attacks

The most effective defences against zero-day attacks are the following:

Patch Management

Patch management is the process of finding, testing and distributing software updates, or “patches,” to endpoints such as desktops, mobile devices and servers.

A “patch” is a specific update or group of updates offered by software developers to address technical problems or known security vulnerabilities. New features and functionality for the program may also be included with patches.

It’s worth keeping in mind that many patches are interim fixes that are later folded into the next major software release; applying them does not remove the need to keep up with major versions.

An effective patch management process takes the following into account:

Reviewing security patch releases

Because patches are released for known vulnerabilities, an efficient and timely patch management process is crucial for network security. Running outdated software therefore increases risk, since attackers can exploit published flaws all the more readily. Patching cannot stop a true zero-day (by definition no fix exists yet), but a fast, reliable patch pipeline shortens the window between a fix being published and its deployment, and that window is where much real-world exploitation happens.

Vulnerability Management

Vulnerability management is the continual, routine process of discovering, analyzing, reporting on, managing and resolving vulnerabilities across endpoints, workloads and systems. A security team typically uses vulnerability management tooling to find weaknesses and then applies patching or other remediation to close them.

A robust vulnerability management program prioritizes risks and addresses vulnerabilities as soon as feasible using threat intelligence and an understanding of IT and business processes.
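As an added example (not code from the original article or from any vendor’s tooling), the Python below shows one way to operationalize the patch management and vulnerability management steps described above: match an asset inventory against an advisory feed, score each finding by CVSS adjusted for threat intelligence (known exploitation in the wild) and exposure, and assign a patch deadline. Host names, package names, versions, the CVE identifiers, the scoring weights and the SLA tiers are all constructed assumptions.

```python
"""Risk-based patch prioritisation: inventory x advisories -> remediation plan.

Added example, not the article's or any vendor's code. Hosts, package names,
versions and CVE identifiers below are all constructed; the scoring weights
and SLA tiers are assumptions for illustration, and the version comparison
handles plain dotted numeric versions only (real packaging schemes need a
proper version library).
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    cve: str
    package: str
    fixed_in: str                     # first version that carries the patch
    cvss: float
    exploited_in_wild: bool = False   # from threat intelligence feeds


@dataclass(frozen=True)
class Host:
    name: str
    internet_facing: bool
    packages: dict                    # package name -> installed version


def is_affected(installed: str, adv: Advisory) -> bool:
    return parse_version(installed) < parse_version(adv.fixed_in)


def risk_score(adv: Advisory, host: Host) -> float:
    """CVSS base score adjusted by threat intel and exposure (assumed weights)."""
    score = adv.cvss
    if adv.exploited_in_wild:
        score += 3.0      # active exploitation outranks raw severity
    if host.internet_facing:
        score += 1.5      # reachable by anyone on the Internet
    return score


def sla_days(score: float) -> int:
    """Patch deadline tiers (assumed policy)."""
    if score >= 12.0:
        return 1
    if score >= 9.0:
        return 7
    if score >= 7.0:
        return 30
    return 90


def prioritize(hosts, advisories):
    findings = []
    for host in hosts:
        for adv in advisories:
            installed = host.packages.get(adv.package)
            if installed is None or not is_affected(installed, adv):
                continue
            score = risk_score(adv, host)
            findings.append({"host": host.name, "cve": adv.cve, "package": adv.package,
                             "installed": installed, "fixed_in": adv.fixed_in,
                             "score": score, "sla_days": sla_days(score)})
    # highest risk first; deterministic tie-break so the plan is reproducible
    findings.sort(key=lambda f: (-f["score"], f["host"], f["cve"]))
    return findings


# Constructed inventory and advisory feed.
HOSTS = [
    Host("vpn-gw01", True, {"vpn-appliance": "10.2.0"}),
    Host("app01", True, {"web-framework": "4.2.5", "db-driver": "2.0.1"}),
    Host("build01", False, {"web-framework": "4.2.7", "db-driver": "1.9.0"}),
]
ADVISORIES = [
    Advisory("CVE-2099-0001", "vpn-appliance", "10.2.1", 9.8, exploited_in_wild=True),
    Advisory("CVE-2099-0002", "web-framework", "4.2.7", 7.5),
    Advisory("CVE-2099-0003", "db-driver", "2.0.3", 5.3),
]


def build_plan():
    return prioritize(HOSTS, ADVISORIES)


if __name__ == "__main__":
    for f in build_plan():
        print(f"{f['score']:5.1f}  {f['sla_days']:3d}d  {f['host']:9} {f['cve']}  "
              f"{f['package']} {f['installed']} -> {f['fixed_in']}")
```

The point of the scoring is that an Internet-facing appliance with a flaw already being exploited lands at the top with a one-day deadline, while the same CVSS number on an internal build box can wait; CVSS alone does not encode either fact. The inventory side is the hard part in practice: a plan like this is only as good as the asset list it is run against.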

Web Application Firewall (WAF)

A web application firewall, or WAF, is a security control that protects an organization at the application layer by filtering, monitoring and analyzing HTTP and HTTPS traffic.

Deployed as a reverse proxy in front of the application, a WAF inspects each request and blocks malicious ones before they reach the web application or its users.

As part of a comprehensive cyber security strategy, a WAF helps defend a business from a range of application-layer attacks, including SQL injection, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. Against zero-day attacks its cover is partial: signature rules cannot know about an undisclosed flaw, but generic rules, a positive security model (allow only the inputs a route is expected to receive) and “virtual patching” of a newly disclosed flaw until the real fix is deployed can still block many exploitation attempts.
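As an added example (not the article’s code and not any WAF product’s rule set), the Python below implements the three checks in miniature: a per-client token bucket against request floods, signature rules for known attack classes, and a per-route allowlist of expected parameters. The last check is what gives a WAF some purchase on zero-days: in the sample traffic a payload that no signature recognizes is still rejected because the parameter is not the shape the route expects. The route schemas, signature patterns, rate limits and sample requests are all constructed for this example.

```python
"""Minimal WAF-style request inspection: negative and positive models + rate limit.

Added example, not the article's code or any WAF product's rules. It shows the
three checks a WAF applies in front of an application: a per-client token
bucket (DoS), signature rules for known attack patterns (negative model), and
a per-route allowlist of expected parameters (positive model). The route
schemas, signature patterns, bucket sizes and sample requests are constructed.
"""
import re
import time
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Negative model: patterns for attack classes that are already known.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)(\bunion\b[\s\S]+?\bselect\b|\bor\b\s+['\d]+\s*=\s*['\d]+|--\s|;\s*(drop|shutdown)\b)")),
    ("traversal", re.compile(r"\.\./|\.\.\\")),
    ("xss", re.compile(r"<\s*script\b|javascript:", re.I)),
]

# Positive model: for known routes, every parameter must be listed and match.
ROUTE_SCHEMAS = {
    ("GET", "/search"): {"q": re.compile(r"[\w \-]{1,64}")},
    ("GET", "/item"): {"id": re.compile(r"\d{1,10}")},
}


class TokenBucket:
    """Per-client request budget: `capacity` burst, refilled at `rate` per second."""
    def __init__(self, capacity: int, rate: float):
        self.capacity, self.rate = capacity, rate
        self.tokens = defaultdict(lambda: float(capacity))
        self.last = {}

    def allow(self, key: str, now: float) -> bool:
        elapsed = now - self.last.get(key, now)
        self.tokens[key] = min(self.capacity, self.tokens[key] + elapsed * self.rate)
        self.last[key] = now
        if self.tokens[key] >= 1.0:
            self.tokens[key] -= 1.0
            return True
        return False


class Waf:
    def __init__(self, capacity: int = 20, rate: float = 10.0):
        self.bucket = TokenBucket(capacity, rate)

    def inspect(self, method: str, url: str, client_ip: str, now=None):
        """Return ("allow", "ok") or ("block", reason) for one request."""
        now = time.monotonic() if now is None else now
        if not self.bucket.allow(client_ip, now):
            return "block", "rate: client exceeded request budget"
        parts = urlsplit(url)
        path = unquote(parts.path)
        params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decoded
        # 1. Signatures run over the decoded path, parameter names and values.
        for text in [path] + [k for k, _ in params] + [v for _, v in params]:
            for name, pattern in SIGNATURES:
                if pattern.search(text):
                    return "block", f"signature: {name}"
        # 2. Positive model catches payloads no signature knows about yet.
        schema = ROUTE_SCHEMAS.get((method.upper(), path))
        if schema is not None:
            seen = set()
            for k, v in params:
                if k in seen:
                    return "block", f"schema: duplicate parameter {k!r}"
                seen.add(k)
                rule = schema.get(k)
                if rule is None:
                    return "block", f"schema: unexpected parameter {k!r}"
                if not rule.fullmatch(v):
                    return "block", f"schema: parameter {k!r} has unexpected shape"
        return "allow", "ok"


# Constructed sample traffic from distinct clients, evaluated at one instant.
SAMPLE_REQUESTS = [
    ("GET", "/item?id=5", "10.0.0.1"),
    ("GET", "/item?id=5%20OR%201%3D1", "10.0.0.2"),        # tautology, caught by signature
    ("GET", "/item?id=5%20AND%20SLEEP(5)", "10.0.0.3"),   # no signature matches, schema rejects
    ("GET", "/search?q=..%2F..%2Fetc%2Fpasswd", "10.0.0.4"),
    ("GET", "/search?q=zero%20day&debug=1", "10.0.0.5"),  # unexpected parameter
]


def run_sample():
    waf = Waf()
    return [waf.inspect(m, u, ip, now=0.0) for m, u, ip in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (m, u, ip), decision in zip(SAMPLE_REQUESTS, run_sample()):
        print(f"{decision[0]:5} {ip:10} {m} {u}  ({decision[1]})")
```

Two design choices matter here. Signatures are matched against decoded values, because a WAF that inspects only the raw query string is trivially bypassed with percent-encoding. And unknown routes fall through to the signature check alone, which is the usual trade-off when a positive model cannot yet describe the whole application; the routes that handle the most sensitive input should be added to the schema first.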

Sharing is Caring!

You are welcome to put this blog article on your website, provided you also append an active link to our website “Source: https://resources.rhyno.io”

For media enquiries, contact us at media-enquiries@rhyno.io.




About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.
