Zero-day means the company had 0 days to fix it before the exploits were made public. Maybe the headline is wrong?
Comment on Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
SnotFlickerman@lemmy.blahaj.zone 1 day ago
To anyone misreading this, these exploits were patched yesterday and thus were included as the final patch for Windows 10 before the extended security updates requirements kick in.
Known exploits are always reported to the company first to give them time to patch it before releasing info on the exploits.
All Windows 10 users will continue to have access to the patches in this final freely available patch Tuesday for Windows 10. They just can’t get new updates without joining the ESU program.
I hate Microsoft too and only use Linux, but let’s stop the circlejerk of false claims here please and thank you.
sourhill@lemmy.sdf.org 1 day ago
mic_check_one_two@lemmy.dbzer0.com 5 hours ago
Nope, 0-day means it was exploited in the wild before the company knew about it. Basically, the company had to rush to patch it because it was already being exploited. It means black-hat hackers found it and exploited it before the white/grey-hat hackers reported it. If white-hat hackers found it first, they’d have already alerted the company and given time to patch it before they announced the vulnerability. But since the black-hat hackers found it first, it was a 0-day.
MrNesser@lemmy.world 1 day ago
Nope 0 days means
Zero-day vulnerability: A software flaw that attackers discover before the developer does.
Zero-day exploit: The method hackers use to take advantage of this unknown vulnerability.
Zero-day attack: An attack that uses a zero-day exploit to damage a system, steal data, or plant malware before a patch is available. This is a serious risk because no defenses are in place for this specific flaw yet.
The first is the most common one found in the press and is usually reported to the company so they can patch it, before press release.
Attacker94@lemmy.world 2 hours ago
Maybe I was just missing pertinent information, but I thought a zero day was an attack that could be exploited in a very short time frame that has remained unpatched, I didn’t realize there was a hierarchy to the different stages.
frongt@lemmy.zip 1 day ago
But it would be weird to call something a “zero-day” if it wasn’t being exploited. Like if I discover a vuln, it shouldn’t be considered a zero-day, even if I report it, if I’m not exploiting it in the wild.
Cethin@lemmy.zip 20 hours ago
It was exploited. That’s how they proved it worked. They just didn’t exploit it to do anything nefarious.
sourhill@lemmy.sdf.org 1 day ago
Ahh TIL. Thanks for the clarification!
SnotFlickerman@lemmy.blahaj.zone 1 day ago
Perhaps, either that or they made a very quick fix making updates to address them the day before this patch release.
floquant@lemmy.dbzer0.com 4 hours ago
Yeah, until something like this happens again a year or two down the line. Not to mention all unpatched or lagging systems
Alaknar@sopuli.xyz 4 hours ago
It already happened with Windows 7. They still released the patch there.