
Zero Day Exploits

A zero day exploit is an attack that takes advantage of a software or hardware vulnerability that is unknown to the vendor, or known but still without an available patch. The name comes from the vendor having had "zero days" to fix the flaw before it was used.

What is a zero day exploit?

A zero day exploit abuses a previously unknown vulnerability for which there is no vendor fix at the time of exploitation. Because the vulnerability has not been publicly disclosed, defenders have no patch to apply and no signature to block the specific attack reliably; they can only detect the behaviour that follows exploitation. Attackers value zero day exploits for initial access, privilege escalation, and persistence. Notable incidents have involved browser engine flaws, office document parser vulnerabilities, and firmware weaknesses. The risk rises sharply once the exploit is incorporated into a toolkit used across many targets, turning a single flaw into a widespread crisis before mitigations are available. In practice the terms are often kept distinct: a zero day vulnerability is the flaw itself, a zero day exploit is the working code that triggers it, and a zero day attack is its use against a target.

How it typically works


  1. Discovery: a researcher or attacker finds an unknown vulnerability in software, firmware, or hardware.
  2. Weaponization: an exploit is developed to trigger the vulnerability reliably, usually with no user interaction beyond opening a file or visiting a page.
  3. Delivery: attackers deliver the exploit through email attachments, drive by downloads, weaponized documents, or targeted web pages.
  4. Execution and objective: code runs on the victim system to achieve the attacker's goal, such as remote code execution or privilege escalation, and typically hands off to a second stage (loader, implant, or credential theft).
  5. Remediation gap: until the vendor issues a patch or mitigation, defenders must rely on behavioural detection and compensating controls such as attack surface reduction, application allow-listing, or disabling the vulnerable feature.

Common techniques & variants


  • Browser engine zero days: exploit rendering or scripting (JavaScript) engines to run code when a user visits a page, typically delivered through watering-hole sites or malicious advertisements. Because modern browsers sandbox the renderer, these are usually chained with a separate sandbox escape.
  • Document based exploits: weaponized office documents or PDFs that execute code when opened, often delivered in targeted phishing. A tell-tale sign is the document viewer spawning a shell or script interpreter.
  • Firmware and ROM exploits: low level flaws in device firmware that persist across operating system reinstalls and disk replacement, and that most endpoint tooling cannot see.
  • Privilege escalation zero days: escalate from a user context to administrative or kernel level to enable broader compromise, disable security tooling, or gain persistence.
  • Chain exploits: combine multiple zero days, or zero days with known vulnerabilities, to bypass layered defenses (for example renderer bug, sandbox escape, then kernel privilege escalation) or to reach deeper network segments.

Impact


Zero day exploits pose extreme operational risk because defenders operate in the dark until the flaw is disclosed or detected. They enable stealthy intrusions, long term espionage, and rapid deployment of ransomware or data exfiltration. For SecOps teams, the challenge is twofold: detecting anomalous behaviour without reliable signatures, and rapidly deploying compensating controls while awaiting vendor patches. Threat intelligence and rapid patch management are critical but not always sufficient, particularly when the vulnerability is in legacy or embedded systems that lack timely updates. The practical consequence is that detection must key on what the exploit does after it fires (process lineage, unusual child processes, encoded commands, new persistence) rather than on how it got in.
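The behaviour-based detection described above, as an added example that is not part of the original page or any vendor's product: a small rule engine run over constructed, Sysmon-style process-creation events (JSON lines with EventID 1, Image, ParentImage, CommandLine and Computer). It flags the document-based exploit pattern from the variants list (an Office or PDF viewer spawning a shell or script host) and encoded PowerShell launches, both of which fire regardless of which, possibly unknown, bug produced them. The process names, switch aliases and log lines are assumptions chosen for illustration, not drawn from a real incident.

```python
"""Behaviour-based detection for the zero day remediation gap.

Added example; the events below are constructed for this illustration and
mimic the fields of Sysmon Event ID 1 (process creation). Real telemetry has
more fields and needs tuning against your own baseline of benign activity.
"""
import json
from dataclasses import dataclass
from typing import List, Optional

# Applications that routinely open untrusted content and therefore should
# almost never spawn an interpreter or shell (assumed list, extend as needed).
DOCUMENT_HANDLERS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
}

# Children whose appearance under a document handler indicates the exploit has
# already fired and is staging the next step (assumed list).
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}


@dataclass
class Alert:
    host: str
    parent: str
    child: str
    command_line: str
    reason: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def has_encoded_command(command_line: str) -> bool:
    """True if the command line carries PowerShell's encoded-command switch.

    powershell.exe accepts -EncodedCommand, any prefix of it down to -e, and
    the documented alias -ec, so matching only the full name misses most abuse.
    """
    for tok in command_line.lower().split():
        if tok == "-ec":
            return True
        if len(tok) >= 2 and "-encodedcommand".startswith(tok):
            return True
    return False


def evaluate(event: dict) -> Optional[Alert]:
    """Apply the two heuristics to one process-creation event."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    host = event.get("Computer", "unknown")
    if parent in DOCUMENT_HANDLERS and child in SUSPICIOUS_CHILDREN:
        return Alert(host, parent, child, cmdline,
                     "document handler spawned shell or script host")
    if child in {"powershell.exe", "pwsh.exe"} and has_encoded_command(cmdline):
        return Alert(host, parent, child, cmdline, "encoded PowerShell command")
    return None


def scan(lines: List[str]) -> List[Alert]:
    """Parse JSON-lines telemetry and return alerts; malformed lines are skipped."""
    alerts: List[Alert] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # never let one bad line stop the pipeline
        if event.get("EventID") != 1:
            continue  # only process-creation events are relevant here
        alert = evaluate(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry: one document exploit, one benign Word launch,
# one encoded PowerShell run, one network event, and one garbage line.
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "Computer": "WS01",
                "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "Image": r"C:\Windows\System32\cmd.exe",
                "CommandLine": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"}),
    json.dumps({"EventID": 1, "Computer": "WS01",
                "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "CommandLine": "WINWORD.EXE /n quarterly_report.docx"}),
    json.dumps({"EventID": 1, "Computer": "WS02",
                "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell.exe -ExecutionPolicy Bypass -ec aQBlAHgA"}),
    json.dumps({"EventID": 3, "Computer": "WS02",
                "Image": r"C:\Windows\System32\svchost.exe", "DestinationPort": 443}),
    "not json at all",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a.host}] {a.reason}: {a.parent} -> {a.child} :: {a.command_line}")
```

Running the block prints two alerts from the constructed log: the Word-to-cmd.exe launch and the encoded PowerShell run. The point is that neither rule mentions a CVE, a file hash, or a document format; they match the post-exploitation behaviour, which is what remains observable while the vulnerability itself is still unknown. Expect to add allow-list exceptions for legitimate automation before deploying rules like these.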

Further reading


  • MITRE: Common Vulnerabilities and Exposures (CVE).
  • CISA: Zero Day Vulnerabilities guidance and alerts.
  • NIST: Vulnerability disclosure and management resources.
  • Microsoft Security Response Center: advisories and case studies.
  • Google Project Zero research publications.