Recently, the security community has been enthralled, simultaneously terrified and fascinated, with a set of newly leaked attack tools. Within this set, a number of tools were designed to exploit "zero day" vulnerabilities in the Windows operating system. For this week's blog, I'll try to shed some light on what this jargon means, why "zero day" bugs are feared by some, and why you don't need to panic.
The term "zero day" has its origins in the software piracy community. For decades, piracy groups have competed to be the first to distribute video games and applications that have had their copy protection removed (often a technically challenging process). When an unprotected copy of the software is available the same day that the legitimate software is released, this has traditionally been called "zero day warez".
More often than the software industry would like to admit, computer security vulnerability researchers' careers have their origins in hacking copy protection. This winds up serving as very effective cross-training. The same skills used to reverse engineer copy protection and design workarounds are directly applicable to finding vulnerabilities in computer systems, software, and networks. Thus, some of the terminology of computer security is inherited from the subculture of software piracy and the mischievous hackers of the 80's and 90's.
"Zero day," in computer security, is a term used to describe newly identified vulnerabilities in software. These vulnerabilities can be exploited by attackers to gain access to your systems and networks. Exact definitions vary (and are often pointlessly debated), but the term "zero day" is usually reserved for vulnerabilities that do not yet have a patch or fix available.
This is especially dangerous when that vulnerability information is made public, as attackers can use it to attack many systems that have not yet been patched, as in the recent WannaCry ransomware attack. This danger is compounded when the vulnerabilities are "remote," meaning that they can be exploited across a network without having to first log in.
The recently disclosed Windows vulnerabilities are unusual in that they are remote and reliably exploitable (some vulnerabilities are too difficult for attackers to exploit in practice). Exploits for these vulnerabilities are readily available and easy for hackers to use. Thankfully, their "zero day" status is relatively short-lived. Patches for most of them are available now from Microsoft through Windows Update.
Though patches are available, these vulnerabilities will be widely exploited for years. If you asked any hacker or penetration tester about reliable remote exploits against Windows, they would immediately bring up "MS08-067" (colloquially named after the Microsoft bulletin that describes the patch for it). Even though this vulnerability was patched in 2008, it's frequently used in penetration testing training (as it is very easy to exploit), and it is still occasionally encountered "in the wild" on poorly maintained systems. The recently disclosed vulnerabilities will join MS08-067 in having a long life.
Should you be worried about "zero day" vulnerabilities? The WannaCry attacks definitely opened the eyes of many individuals. Yes, you should be worried. Clearly, your security practices should include effective patch management that keeps systems up to date, but how can you prevent exploitation of vulnerabilities you don't even know about?
Protecting yourself against the inevitable "unknown unknowns" of vulnerabilities requires more than just patch management. It's important to minimize your attack surface: the parts of your network that an attacker has the opportunity to interact with and attack. Many vulnerabilities exploited in real-world breaches wind up being in systems that didn't need to face the public Internet in the first place.
Defense-in-depth will help you overcome the need to fear "zero day." Engage your IT security staff or vendor. Discuss how to examine your attack surface and how to minimize it. And carefully monitor everything that's left! New vulnerabilities are disclosed and exploited on a daily basis. Some are more serious than others, but your goal should be to make sure that none of them become the weak link that takes out your organization.
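As an added example (not from the original post), here is one concrete way to start the attack-surface review and patch-state check described above on a single Windows host. It uses only built-in cmdlets (Get-NetTCPConnection, Get-Process, Get-HotFix); the list of "expected" ports is an assumed baseline that you would replace with your own.

```powershell
# Added example, not part of the original post. Lists every TCP service the
# host is listening on, flags the ones reachable from any network interface
# that are not in an assumed baseline, and shows recent patch activity.

# Assumed baseline: ports this host is meant to expose. Anything else that is
# bound to all interfaces is a candidate for "did this need to be reachable?"
$ExpectedPorts = @(443)

function Get-ListeningSurface {
    Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                # 0.0.0.0 / :: means bound to every interface, i.e. reachable from
                # any network the host sits on, not just loopback.
                AllInterfaces = ($_.LocalAddress -in @('0.0.0.0', '::'))
                Process       = if ($proc) { $proc.ProcessName } else { 'unknown' }
                PID           = $_.OwningProcess
            }
        } |
        Sort-Object LocalPort, LocalAddress
}

$surface = Get-ListeningSurface
Write-Host "All listening TCP services:"
$surface | Format-Table -AutoSize

# Network-facing listeners outside the baseline are what the post's
# "minimize your attack surface" advice asks you to justify or remove.
$unexpected = $surface | Where-Object { $_.AllInterfaces -and ($_.LocalPort -notin $ExpectedPorts) }
if ($unexpected) {
    Write-Warning "Listeners exposed on all interfaces that are not in the expected baseline:"
    $unexpected | Format-Table -AutoSize
}

# Patch state: the most recently installed hotfixes show at a glance whether
# Windows Update has actually been applying fixes on this machine.
Write-Host "Most recent hotfixes:"
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn
```

Run it in an elevated PowerShell session so that process names resolve for services running as SYSTEM. It is deliberately read-only: it produces the list you and your IT staff or vendor discuss, and the decision to firewall, disable, or keep each listener stays with you.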