Zero-day

A vulnerability unknown to the vendor — and therefore unpatched — at the time of exploitation.

A zero-day is a vulnerability the vendor doesn’t yet know about — so there’s no patch and signature-based tools have nothing to match — making it especially valuable to attackers and to the exploit market. Since you can’t patch what isn’t known, defense leans on compensating controls: network segmentation, least privilege, behavior-based EDR, and virtual patching at a WAF/IPS. The moment a zero-day is disclosed, a race begins between defenders deploying the fix and attackers exploiting the window.
