Comment

Comment on Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

BigDanishGuy@sh.itjust.works ⁨2⁩ ⁨months⁩ ago

If it’s a zero day then Microsoft didn’t know about it. If Microsoft knew about the exploit for a year it was not a zero day.

Sort:hotnew top

echodot@feddit.uk ⁨2⁩ ⁨months⁩ ago
Zero Day just means that you have zero days to fix it before it becomes a problem. Doesn’t mean that you actually take zero days to fix it.

source
- BigDanishGuy@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
  What? No it doesn’t, it means that the exploit has been known for zero days, aka it’s an unknown exploit.
  
  source
  - Grimy@lemmy.world ⁨2⁩ ⁨months⁩ ago
    
    A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor has zero days to prepare a patch as the vulnerability has already been described or exploited.
    
    From wiki
    
    source
  - AceBonobo@lemmy.world ⁨2⁩ ⁨months⁩ ago
    My understanding, zero day means when the exploit was discovered it was already being used in the wild. This is different from an exploit discovered by a bounty program or by security researchers.
    
    source