There are unknown vulnerabilities in our operating systems and applications, and it’s a race to see who can exploit them first. In this video, you’ll learn about zero-day attacks and what you can do to prevent an unforeseen attack.
The operating systems and the applications that we use every day have vulnerabilities associated with them, but we just don’t know what all of them are yet. They are inside the operating system, they’re part of the application, but nobody has quite yet been able to make public anything that would be a vulnerability. But there are people working very hard to find vulnerabilities in these operating systems and in these applications. These researchers are trying to find these vulnerabilities before the bad guys. That way they can be patched before anybody loses any of their data.
The bad guys obviously don’t want to tell anybody if they find a vulnerability. They want to be able to take advantage of it themselves before anybody has a chance to patch the operating system or the application. A zero-day attack is one that exploits a vulnerability that up until this point nobody knew existed. This is what the bad guys are looking for. They’re trying to find those vulnerabilities that nobody is aware of, so they can immediately take advantage of that before patch is available. If you’re interested in seeing what vulnerabilities may be identified, you can go to the mitre.org website and look at the common vulnerabilities and exposures database at cve.mitre.org.
Here’s a couple of zero-day vulnerability examples. The first is from March 2017. This is a CVE that was associated with Microsoft Office and WordPad. And it caused a remote code execution vulnerability with the Windows API. The end user simply needed to open a Microsoft Office file or a WordPad file that was specially crafted to take advantage of this vulnerability. So SophosLabs said that this vulnerability has actually been attacked in the wild since November of 2016, and it took until March 2017 to get a patch for it.
Another example of a zero-day vulnerability that had to be patched very quickly was in June 2017. This is a CVE that was associated with the Windows search remote code execution vulnerability. The bad guys could send a specially crafted Server Message Block message to the Windows search service and effectively controlled many aspects of the operating system. They could install new programs, they could view change, or delete your data, and they could install their own user accounts on your system. That’s obviously one of those zero-day vulnerabilities that needed to be patched very, very quickly.
Category: CompTIA Security+ SY0-501