What is a Zero Day Attack?
"Zero-day" (also called a zero-day attack) refers to a security vulnerability that is maliciously exploited as soon as it is discovered. In plain terms, malicious programs that exploit the flaw appear on the same day the flaw and its security patch become public. Such attacks are typically very sudden and destructive.
Zero-day vulnerability
- Although there have not yet been a large number of "zero-day vulnerability" attacks, the threat is growing, and the evidence is as follows: attackers are getting faster at exploiting security holes shortly after they are discovered. In the past, months usually passed before a vulnerability was exploited; recently the interval between discovery and exploitation has shrunk to a few days.
- Attacks that exploit vulnerabilities are designed to spread rapidly and infect more and more systems. Attacks have evolved from the earlier passive, slow-moving file and macro viruses to more proactive,
- By definition, detailed information about a "zero-day vulnerability" attack becomes available only after the attack has been identified. These are the important signs you will see when a "zero-day vulnerability" attack is under way: unexpected, seemingly legitimate data flows or a large amount of scanning activity originating from a client or server; unexpected data flows on a legitimate port; and similar activity continuing on the affected client or server even after the latest patch has been installed.
- Prevention: good preventive security practices are essential. These practices include careful installation and compliance with business and application needs
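The warning signs in the list above can be turned into simple detection logic. The following Python script is an added example, not code from the original article: it runs over a constructed flow log (the log lines, the patch inventory and the expected-protocol table are all made up for the example) and flags the three signs named above: scanning activity from one host, traffic on a legitimate port that does not look like that port's protocol, and scanning that continues after the host's latest patch was installed.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample flow log (not real traffic). One record per line:
# timestamp src_ip dst_ip dst_port proto app   ("app" = protocol the sensor identified)
SAMPLE_LOG = """
2014-05-20T09:00:01 10.0.0.5 203.0.113.10 80 tcp http
2014-05-20T09:00:02 10.0.0.5 203.0.113.10 443 tcp tls
2014-05-20T09:05:00 10.0.0.7 10.0.0.20 445 tcp smb
2014-05-20T09:05:01 10.0.0.7 10.0.0.21 445 tcp smb
2014-05-20T09:05:02 10.0.0.7 10.0.0.22 445 tcp smb
2014-05-20T09:05:03 10.0.0.7 10.0.0.23 445 tcp smb
2014-05-20T09:05:04 10.0.0.7 10.0.0.24 445 tcp smb
2014-05-20T09:05:05 10.0.0.7 10.0.0.25 445 tcp smb
2014-05-20T09:10:00 10.0.0.9 198.51.100.5 80 tcp unknown
2014-05-21T08:00:00 10.0.0.7 10.0.0.30 445 tcp smb
2014-05-21T08:00:01 10.0.0.7 10.0.0.31 445 tcp smb
2014-05-21T08:00:02 10.0.0.7 10.0.0.32 445 tcp smb
2014-05-21T08:00:03 10.0.0.7 10.0.0.33 445 tcp smb
2014-05-21T08:00:04 10.0.0.7 10.0.0.34 445 tcp smb
2014-05-21T08:00:05 10.0.0.7 10.0.0.35 445 tcp smb
"""

# Constructed patch inventory: host -> time its latest patch was installed.
PATCH_INSTALLED = {"10.0.0.7": datetime(2014, 5, 20, 23, 0, 0)}

# What a sensor should identify on well-known ports; anything else on these
# ports counts as "unexpected data flow on a legitimate port".
EXPECTED_APP = {22: "ssh", 53: "dns", 80: "http", 443: "tls", 445: "smb"}


def parse_flow(line: str) -> dict:
    """Split one whitespace-separated flow record into typed fields."""
    ts, src, dst, port, proto, app = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": int(port), "proto": proto, "app": app}


def detect(log_text: str, patch_installed: Dict[str, datetime],
           scan_threshold: int = 5) -> List[dict]:
    """Return one finding per warning sign observed in the flow log."""
    flows = [parse_flow(l) for l in log_text.splitlines() if l.strip()]
    findings: List[dict] = []

    # Sign 1: scanning. Count distinct (dst, port) targets per source per day.
    targets = defaultdict(set)
    for f in flows:
        targets[(f["src"], f["ts"].date())].add((f["dst"], f["port"]))
    scan_days = set()
    for (src, day), tset in sorted(targets.items()):
        if len(tset) >= scan_threshold:
            scan_days.add((src, day))
            findings.append({"sign": "scan", "host": src,
                             "day": day.isoformat(), "targets": len(tset)})

    # Sign 2: traffic on a legitimate port that is not that port's protocol.
    for f in flows:
        expected = EXPECTED_APP.get(f["port"])
        if expected and f["app"] != expected:
            findings.append({"sign": "unexpected_app_on_port", "host": f["src"],
                             "port": f["port"], "app": f["app"]})

    # Sign 3: scanning that continues after the host's latest patch.
    reported = set()
    for f in flows:
        patched_at = patch_installed.get(f["src"])
        key = (f["src"], f["ts"].date())
        if patched_at and f["ts"] > patched_at and key in scan_days and key not in reported:
            reported.add(key)
            findings.append({"sign": "persists_after_patch", "host": f["src"],
                             "day": key[1].isoformat(), "patched_at": patched_at.isoformat()})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG, PATCH_INSTALLED):
        print(finding)
```

On the constructed log, 10.0.0.7 is flagged for scanning on both days and, because its patch time falls between them, also for activity persisting after the patch; 10.0.0.9 is flagged for non-HTTP traffic on port 80, and the ordinary web traffic from 10.0.0.5 produces no finding. The per-day bucket and the threshold of five distinct targets are deliberately crude; on real flow data the window and threshold would be tuned to the network's baseline.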
Zero-day vulnerability hits Microsoft, which is severely tested
Microsoft was unable to resolve an IE browser zero-day vulnerability, originally discovered in October 2013, within the reasonable time given by the researchers, so the vulnerability is now officially public.
HP's Zero-Day Initiative (ZDI), the vulnerability research team associated with the Pwn2Own contest, reports that the IE zero-day vulnerability affects only Microsoft IE 8. The vulnerability is triggered when the browser processes a CMarkup object.
Although this vulnerability affects only IE 8, a second problem exists in the same library, which attackers can use to gain local access on IE 10. For that vulnerability, Microsoft released a "fix" toolkit before publicly announcing it.
The vulnerability can be triggered when a user visits a malicious website. An attacker who exploits it successfully can execute arbitrary code remotely on the host and gain the same access rights as the current user. The requirement for user interaction is reflected in the severity rating: the Common Vulnerability Scoring System (CVSS) scored the vulnerability 6.8.
The ZDI report states: "However, in all cases, an attacker may not be able to force the user to view the content controlled by the attacker. On the contrary, the attacker may have to use some means to convince the user to take the initiative to act. Usually it is to induce the user to click a hyperlink in the content of an email or instant message that takes the user to the attacker's website, or to induce the user to open an email attachment."
ZDI pointed out that it first reported the IE zero-day vulnerability (CVE-2014-1770) to Microsoft in October 2013, after it was discovered by Belgian security researcher Peter Van Eeckhoutte, and that Microsoft confirmed the problem in February 2014. ZDI normally gives vendors 180 days to handle a vulnerability before disclosing it publicly, which means Microsoft had until April to fix it.
In this incident, Microsoft actually had another chance to solve the problem in early May, but it also ignored ZDI's warning that the vulnerability was about to be made public. In recent months, Microsoft's security team has been fighting hard: earlier this month it was forced to release an out-of-band patch to fix another IE zero-day vulnerability, which also included a special fix for the no-longer-supported Windows XP operating system.
The ZDI report provides some technical measures for dealing with the IE zero-day vulnerability, including setting the IE security zone to "High" or configuring the browser to prompt before running Active Scripting. Probably the easiest way to address the problem is to install and run Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Microsoft also hopes to find a way to deal with the zero-day vulnerability before the patch is released. [1]
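The two browser-side mitigations ZDI recommends correspond to two values in the Internet Explorer zone settings in the Windows registry. The Python script below is an added example, not code from the ZDI report or from Microsoft: it parses the text of a regedit .reg export of the Internet zone (zone 3) and reports whether either mitigation is in place. The three exports are constructed for the example, and the value meanings (CurrentLevel 0x12000 for the "High" template; URL action 1400 for Active Scripting with 0 = enable, 1 = prompt, 3 = disable) are assumptions drawn from the documented IE zone layout rather than from the article.

```python
import re
from typing import Dict

# Registry location of the Internet zone (zone 3) for the current user.
# Assumed from the documented IE zone layout; not taken from the article.
INTERNET_ZONE = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
LEVEL_HIGH = 0x12000        # CurrentLevel value of the "High" security template (assumed)
ACTIVE_SCRIPTING = "1400"   # URL action for Active Scripting: 0 enable, 1 prompt, 3 disable (assumed)

# Constructed .reg exports (hand-written for this example, not from a real machine).
WEAK_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1400"=dword:00000000
"""

PROMPT_ONLY_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1400"=dword:00000001
"""

HARDENED_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00012000
"1400"=dword:00000003
"""


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse the [key] / "name"=value lines of a .reg export into nested dicts.
    dword values become ints, quoted strings become str, other types stay raw."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, value = m.groups()
            if value.startswith("dword:"):
                keys[current][name] = int(value[len("dword:"):], 16)
            elif len(value) >= 2 and value.startswith('"') and value.endswith('"'):
                keys[current][name] = value[1:-1]
            else:
                keys[current][name] = value
    return keys


def audit_internet_zone(reg_text: str) -> Dict[str, object]:
    """Report whether the Internet zone carries either mitigation: the High
    template, or Active Scripting set to prompt (1) or disable (3)."""
    zone = parse_reg(reg_text).get(INTERNET_ZONE, {})
    level = zone.get("CurrentLevel")
    scripting = zone.get(ACTIVE_SCRIPTING)
    level_high = level == LEVEL_HIGH
    scripting_guarded = scripting in (1, 3)
    return {
        "level": level,
        "level_high": level_high,
        "active_scripting": scripting,
        "scripting_prompt_or_disabled": scripting_guarded,
        "mitigated": level_high or scripting_guarded,
    }


if __name__ == "__main__":
    for name, export in (("weak", WEAK_EXPORT), ("prompt only", PROMPT_ONLY_EXPORT),
                         ("hardened", HARDENED_EXPORT)):
        print(name, audit_internet_zone(export))
```

The weak export (Medium level, scripting enabled) fails the audit, the prompt-only export passes on the Active Scripting control alone, and the hardened export passes on both. On a real machine the zone key can be exported with `reg export` and, since regedit writes UTF-16, opened with `encoding="utf-16"` before being handed to `audit_internet_zone`; a zone locked down by machine policy lives under HKEY_LOCAL_MACHINE instead and would need the key constant adjusted.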