LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is a zero-day attack?

An attack that exploits a vulnerability before the vendor knows about it or has released a patch — "zero days" to fix it.

Zero-day = Attack exploiting an unknown vulnerability

"Zero days" refers to the time developers have had to fix it — zero. What makes a zero-day special isn't the technique but the timing: the attacker strikes in the window before the vendor even knows the hole exists, so there's no patch and signature-based defenses (which only recognize known threats) are blind to it. That's why defense shifts from "block the known bad" to "watch for abnormal behavior."

Timeline:

  1. Attacker discovers a vulnerability
  2. Attacker creates an exploit
  3. The attack occurs before the vendor knows about it
  4. No patch exists yet, so systems stay exposed until one is released

Why it's dangerous: there's no patch and no signature, so antivirus and a signature-based IPS may not recognize it at all.

Protection therefore relies on catching the effect rather than the known code: behavior-based detection (flagging anomalies), network segmentation (limiting how far it can spread), and defense in depth (layered controls so one bypass isn't fatal).

Memory tip: Zero-day = "Day zero" — the problem is brand new, no fix exists yet.

Go deeper:

From Quiz: NETW1 / Networking Today | Updated: Jul 05, 2026