Zero-Day Attack

Business, Legal & Accounting Glossary

Definition: Zero-Day Attack

Zero-Day Attack

Full Definition of Zero-Day Attack

A zero-day attack (a.k.a. Day Zero) is an attack that takes advantage of a potentially serious software security vulnerability that the vendor or developer is unaware of. The software developer must act quickly to address the vulnerability as soon as it is detected to minimise the risk to software users. The fix is referred to as a software patch. Additionally, zero-day attacks can be used to compromise the internet of things (IoT).

The term “zero-day attack” refers to the number of days the software developer was aware of the problem.

  • A zero-day attack is a type of software attack that takes use of a vulnerability that the vendor or developer was unaware of.
  • The term is derived from the amount of days a software developer has been aware of the issue.
  • A software patch is used to address a zero-day attack.
  • Antivirus software and regular system upgrades can help against zero-day assaults, albeit they are not always effective.
  • Different markets exist for zero-day attacks, ranging from legal to illicit. There are three types of markets: the white market, the grey market, and the dark market.

A zero-day attack may involve malware, adware, spyware, or unauthorised access to user data. Users can protect themselves against zero-day attacks by configuring their software — including operating systems, antivirus software, and web browsers — to update automatically and promptly applying any recommended updates that are not scheduled on a regular basis.

Having said that, having updated antivirus software does not guarantee that a user would be protected from a zero-day attack, as the antivirus software may be unable to identify the vulnerability until it becomes publicly known. By preventing and responding against intrusions and safeguarding data, host intrusion prevention systems also assist protect against zero-day assaults.

Consider a zero-day vulnerability to be an unlocked car door that the owner believes is locked but is discovered to be unlocked by a robber. The thief may enter unobserved and steal items from the car owner’s glove compartment or trunk, which may not be discovered for days after the damage has been done and the burglar has fled.

While zero-day vulnerabilities are typically used by criminal hackers, they can also be used by government security services for surveillance or attack purposes. Indeed, government security organisations have such a high demand for zero-day vulnerabilities that they assist drive the market for purchasing and selling information about these flaws and how to attack them.

Zero-day exploits may be made public, kept confidential, or sold to a third party. They may be sold with or without exclusive rights. From the software firm’s perspective, the optimal solution to a security problem is for an ethical hacker or white hat to confidentially reveal it to the company so that it can be rectified before criminal hackers discover it. However, in some circumstances, multiple parties must fix the vulnerability in order for it to be entirely resolved, making a total private disclosure difficult.

The Markets for Zero-Day Attacks

Criminal hackers share details about how to get past insecure software to steal important information in the dark market for zero-day information. Researchers and businesses sell information to military, intelligence agencies, and law enforcement on the black market. Companies pay white hat hackers or security researchers to uncover and expose software vulnerabilities to developers, allowing them to solve problems before criminal hackers do.

Depending on the buyer, the supplier, and the relevance of the information, zero-day information could be worth a few thousand to several hundred thousand dollars, making it a potentially lucrative market to participate in. Before a transaction can be finalised, the seller must produce a proof-of-concept (POC) to confirm the existence of the zero-day exploit. The Tor network allows zero-day transactions to be made anonymously using Bitcoin for people who want to exchange zero-day information unnoticed.

Zero-day attacks may be less dangerous than they appear. Governments may have more effective means of spying on their citizens, and zero-day exploits may not be the most effective way to exploit corporations or individuals. To be effective, an attack must be launched strategically and without the target’s knowledge. Launching a zero-day attack on millions of systems at once may reveal the existence of the vulnerability and result in a fix being deployed too rapidly for the attackers to complete their ultimate goal.


Microsoft was made aware of a zero-day assault on their Microsoft Word programme in April 2017. The attackers exploited a weak and unpatched version of the software via a malware dubbed Dridex banker trojan. The virus enabled attackers to implant harmful code in Word documents, which was executed immediately upon document opening. McAfee, an antivirus company, uncovered the hack and alerted Microsoft to the corrupted software. Although the zero-day attack was discovered in April, it had already targeted millions of people since January.

Cite Term

To help you cite our definitions in your bibliography, here is the proper citation layout for the three major formatting styles, with all of the relevant information filled in.

Page URL
Modern Language Association (MLA):
Zero-Day Attack. Payroll & Accounting Heaven Ltd.
March 31, 2023
Chicago Manual of Style (CMS):
Zero-Day Attack. Payroll & Accounting Heaven Ltd. (accessed: March 31, 2023).
American Psychological Association (APA):
Zero-Day Attack. Retrieved March 31, 2023
, from website:

Definition Sources

Definitions for Zero-Day Attack are sourced/syndicated and enhanced from:

  • A Dictionary of Economics (Oxford Quick Reference)
  • Oxford Dictionary Of Accounting
  • Oxford Dictionary Of Business & Management

This glossary post was last updated: 7th January, 2022 | 0 Views.