Zero Day Software VulnerabilitySoftware vulnerabilities are flaws or glitches or weaknesses that are created by developers totally unintentionally in software programs or in operating systems. Vulnerabilities can lead to security loopholes, threats and can be exploited by hackers or cyber criminals. Zero day vulnerability or zero day attack refers to the attack on software vulnerability that was previously unknown. It also refers to the attack on software vulnerability which becomes known on the very same day. It is important for the user to understand the seriousness of zero day vulnerability. If a user is experiencing a zero-day vulnerability in a software program it means that vendor of the software is not yet aware about this flaw and if this software is used by a million of users around the globe then the level of security risk involved is quite high. Generally zero day vulnerabilities are discovered by one of following three parties/users - security researchers, hackers and software vendors themselves. There is a term associated with software vulnerability and it is called Window of Vulnerability (WoV). As shown in Fig. 1 it is a time duration during which vulnerability come in light and fix of the same is made available by the vendor in the form of plugin, update or patch. Fig. 1 Window of Vulnerability (Source Ref. 1) Zero day vulnerabilities could lead to serious security risks. To overcome these attacks both proactive and reactive security measures are required. Proactive measures involve educating users of software programs about cyber-attacks, vulnerabilities and associated security risks. Use of strong antivirus and firewalls is another important proactive measure. Web application firewall (WAF) is installed to protect application layer of network from attacks like SQL injection and cross-site scripting. Make sure system can get updates automatically, it is crucial to put it on auto-update mode. Reactive measures involve manually installing software patches and updated software as an when they are made available. It is also important to update scripts and application, along with all add-ons, plug-ins and web themes. Such measures would decrease the risk of malware infections as well. There are several reasons due to which software vulnerabilities occur. Most common is bug in software and operating systems. Other reasons include complexity of the software which could lead to open access points, use of familiar codes, programs etc. and high connectivity with large number of physical connections could also lead to vulnerability. There are examples where products of some of the big software companies like Microsoft, Oracle, Adobe etc. suffered from zero-day vulnerability. By: Ms. Harpreet Kaur - Assistant Professor (CSE), Chitkara University, H.P. References
Disclaimer: The content of this newsletter is contributed by Chitkara University faculty & taken from resources that are believed to be reliable. The content is verified by editorial team to best of its accuracy but editorial team denies any ownership pertaining to validation of the source & accuracy of the content. The objective of the newsletter is only limited to spread awareness among faculty & students about technology and not to impose or influence decision of individuals.
|