Zero Day Exploits

What is a Zero Day Exploit?

Simply put a zero day exploit is a software vulnerability that is found by hackers before the software creator.  They can be the worst kind of security hole as they can be exploited until the software creator is made aware and can fix the problem.

Two On The Same Day

This morning I have run across two articles about zero day exploits and the patches that are available.  The first is a security flaw in Microsoft Internet Explorer.  There is temporary fix for this available from Microsoft until they can get a permanent patch distributed.  When available the patch will be pushed out through the normal update channels for Microsoft software.

The second zero day exploit and fix I ran across is Adobe Flash.  They have a technical bulletin out describing which versions are vulnerable and which are not.   This is the Detail from that bulletin:

Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:

Update Your Software

I work with many people on their computers.   One of the comments that I cringe at is “That update window keeps popping up and I just close it.”  Most legitimate software vendors out there provide a mechanism to update the software they create.  The reason they do is not only for improvements but also to patch vulnerabilities.  When a software program you have pops up and says there is a update would you like to install it you should do so.  Software producers are not doing this to pester you, they don’t want to be responsible for a breach of your computer.

Why are there so many updates

Most software we use is very complex as are the computers and operating systems we use.  Our computers unlike 20 years ago that occasionally got online are on all the time.  Surfing the web is commonplace and because of that attacks are primarily going to come from the web.  Software creators try to create a good usable and secure program that you can use for some purpose.  There are people out there that are constantly looking for holes in software to gain access to computers.  You may be one who says I don’t have anything on my computer of any importance so if someone gained access it would be no big deal.  You may not have anything to steal but with the right exploit a hacker could commandeer your computer for their own purposes.  They could use it for sending out spam, which will end up getting you in trouble with your
and probably blacklisted so you can’t send out your own email.  They could use it to host websites of all sorts including for illegal activities.  Which will of course get your into trouble with law enforcement at some level.  They could just use it as a bot in a bonnet for attacking other computers.  There are many reasons and none of them do you want to be a part of.

So the more software titles you use the more you will need to keep updated.  Some occur automatically others require you to do some action.  Take a few minutes and get them done.  As always if you need help with any of these issues I am available to assist.