Dealing with Zero-day Attack

Zero-day attacks are one of the biggest challenges in the world of computer security. A zero-day attack occurs when there is a vulnerability (security weakness) in a system and no update is available for it. This happens because the vulnerability may be discovered by cybercriminals before computer security people find it, in which case the cybercriminals take advantage of it. In other cases, it is discovered by computer security people, but they need more time to research a solution and do more testing before releasing an update. While they are working on it, cybercriminals may discover the vulnerability and take advantage of it against computer users.

There are a number of ways to prevent zero-day attacks. One way is collaboration among trusted security experts around the world: if anyone discovers a new vulnerability, he or she reports it to everyone else, and they work together to fix it and release an update. Another way is research to prevent future vulnerabilities: when a new vulnerability is discovered, experts research the affected components and work on building a new system that prevents similar vulnerabilities from occurring in the future.

However, there can be cases where a vulnerability has been discovered and is still under research or testing by computer security experts before an update is released, yet cybercriminals discover it and take advantage of it. In this case, companies release security advisories. In a security advisory, they briefly explain the vulnerability and propose a solution to fix it while they are working on the final update. The fix might have some side effects, or might cause errors and other problems if it were released as an update; therefore, while it is being tested, you can apply the manual fix while waiting for the update. At Microsoft, all security advisories are posted on the Microsoft Security Advisories website.

Another approach to dealing with zero-days is through Anti-Malware signatures. While a zero-day vulnerability is being researched and the update is being tested, an Anti-Malware update is released to Anti-Malware products, and if the vulnerability is exploited, your Anti-Malware product detects the exploit as a threat and removes it. When there is an advisory and research on a zero-day vulnerability is in progress, your Anti-Malware software can protect you while you are waiting for the update that resolves the vulnerability. Releasing protection through Anti-Malware is the fastest way, because it has fewer side effects on your software than the actual update.

When there is a new advisory, make sure you know the recommended actions and prepare to install the update as soon as it is released (it will be announced on the advisory website). Meanwhile, make sure to update your Anti-Malware product to protect yourself against known zero-days. In the worst-case scenario, a vulnerability has been discovered by cybercriminals but is not known to security experts. If you come across any vulnerability that is unknown to security experts, please report it to the Microsoft Security Response Center.
