A Zero-day exploit is “an unknown exploit that divulges security flaws in software before such a flaw is publicly reported or announced”(Ibor). It is hard to combat a Zero-day exploit, since there isn’t a security patch that is pushed out to fix the vulnerability. Usually, once the exploitation is discovered, the owner of the software pushes out a patch to prevent further attacks. However, in this case Microsoft was notified before the exploit was made public and still failed to take action. According to a recent article by ZDnet, a researcher discovered a Zero-Day vulnerability that lets hackers steal files from Windows. He informed Microsoft of the vulnerability. However, Microsoft did not patch the problem in its upcoming monthly security update. The Zero-Day exploit uses a vulnerability within the way Internet Explorer processes MHT files. Without the patching, hackers can exploit the vulnerability and steal files from you systems. This discovery highlights a few things, first the importance of regular patching, and second the need to have a cyber security expert on your side giving you advice. For now, we recommend you avoid Internet Explorer until Windows pushes out a patch for the problem. Once the patch is pushed, make sure you update you system.
As you can see patching/updating system is a critical process for any business that utilizes a computer system on a daily bases. Here at DGM, we have a systematic patching process that will support your patch management needs. Please reach out to us at contact@digitalguardsmen.com for more information.
Work Cited:
Cimpanu, Catalin. “Internet Explorer Zero-Day Lets Hackers Steal Files from Windows PCs.” ZDNet, ZDNet, 16 Apr. 2019, www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem: Trending Content&utm_content=5cb1820f00e48b00017ed656&utm_medium=trueAnthem&utm_source=twitter.
Ibor, A. E. 1.ayei.ibor@gmail.co. “Zero Day Exploits and National Readiness for Cyber-Warfare.” Nigerian Journal of Technology, vol. 36, no. 4, Oct. 2017, pp. 1174–1183. EBSCOhost, doi:10.4314/njt.v36i4.26.