A zero-day (or 0-day) vulnerability is a security flaw in software, hardware, or firmware that is unknown to the party responsible for patching it. The name comes from the idea that developers have had zero days to fix the problem. Until a patch is released, any system running the vulnerable software is exposed.
The Zero-Day Lifecycle
- Discovery — A researcher, criminal, or intelligence agency finds the vulnerability.
- Weaponization — An exploit is developed that takes advantage of the flaw.
- Active exploitation — Attacks begin, often before the vendor is aware.
- Disclosure — The vulnerability is reported to the vendor (responsible disclosure) or sold/leaked publicly.
- Patch release — The vendor releases a fix; devices running the update are protected.
- End of zero-day window — Once patched and widely applied, the zero-day ceases to be exploitable for most targets.
Who Finds and Uses Zero-Days?
| Actor | Purpose |
|---|---|
| Security researchers | Find and responsibly disclose to earn bug bounties |
| Nation-state agencies | Stockpile for espionage and offensive cyber operations |
| Criminal groups | Sell on dark web markets for thousands to millions of dollars |
| Brokers (e.g. Zerodium) | Buy from researchers and sell to governments |
How to Reduce Your Risk
- Keep all software updated — zero-days become known vulnerabilities once patched
- Use layered defences (network firewalls, endpoint detection) — no single tool catches everything
- Disable unused features and services — a smaller attack surface means fewer targets
- Follow the principle of least privilege — limit what any one account or app can do
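The lifecycle windows and the "keep all software updated" advice can be measured against an asset inventory. The following is an added example, not part of the original page: the timeline dates, the fixed version `4.2.1`, and the host names are all constructed for illustration.

```python
from datetime import date

# Constructed timeline for a hypothetical flaw; keys follow the lifecycle stages.
TIMELINE = {
    "active_exploitation": date(2024, 3, 1),
    "disclosure": date(2024, 3, 20),
    "patch_release": date(2024, 4, 2),
}
PATCHED_VERSION = "4.2.1"  # hypothetical first fixed release

# Constructed inventory: host -> (installed version, date it was installed)
INVENTORY = {
    "web-01": ("4.2.1", date(2024, 4, 3)),
    "web-02": ("4.10.0", date(2024, 4, 20)),
    "db-01": ("4.2.0", date(2024, 1, 15)),
    "kiosk-07": ("3.9.12", date(2023, 11, 2)),
}

def parse_version(text):
    """'4.10.0' -> (4, 10, 0): compare numerically; as strings '4.10.0' < '4.2.1'."""
    return tuple(int(part) for part in text.split("."))

def host_exposure(installed, installed_on, today):
    """Days a host stayed exploitable after a fix existed (the avoidable window)."""
    fixed = parse_version(installed) >= parse_version(PATCHED_VERSION)
    end = installed_on if fixed else today
    days = max((end - TIMELINE["patch_release"]).days, 0)
    return {"patched": fixed, "days_exposed_after_patch": days}

def fleet_report(inventory, today):
    """Summarise the lifecycle windows and which hosts are still unpatched."""
    hosts = {n: host_exposure(v, d, today) for n, (v, d) in inventory.items()}
    unpatched = sorted(n for n, h in hosts.items() if not h["patched"])
    return {
        "vendor_unaware_days": (TIMELINE["disclosure"] - TIMELINE["active_exploitation"]).days,
        "vendor_fix_days": (TIMELINE["patch_release"] - TIMELINE["disclosure"]).days,
        "patch_coverage": 1 - len(unpatched) / len(hosts),
        "still_exposed": unpatched,
        "hosts": hosts,
    }

if __name__ == "__main__":
    report = fleet_report(INVENTORY, today=date(2024, 5, 1))
    for name, h in report.pop("hosts").items():
        print(name, h)
    print(report)
```

The per-host figure counts only the days after the patch was released, which is the part of the window an operator controls.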
People Also Ask
- Is there anything I can do to protect against zero-days?
  - No patch exists by definition, but defence-in-depth helps. Keeping software updated closes the window once a patch is released. Endpoint behavioural detection can catch exploit behaviour even without a known signature. Minimizing your attack surface reduces the number of vectors available.
- What is a zero-day exploit vs zero-day vulnerability?
  - The vulnerability is the flaw. The exploit is the code or technique that takes advantage of it. A zero-day vulnerability becomes more dangerous once an exploit has been developed and weaponized.