An unknown quantity of zero-day vulnerabilities exists at any given moment

Apr 2, 2007 14:15 GMT  ·  By

Get your hands on a Windows Vista zero-day and you have struck pure gold. No more and no less. This follows from the very nature of zero-day vulnerabilities. David McKinney, a member of the Symantec Response Center, had a tough time tracking and observing the evolution of zero-day vulnerabilities.

"A zero-day vulnerability is one for which there is sufficient public evidence to indicate that the vulnerability has been exploited in the wild prior to being publicly known. It may not have been known to the vendor prior to exploitation, and the vendor had not released a patch at the time of the exploit activity," McKinney commented.

Zero-day vulnerabilities have become more relevant because no information about the flaw or the exploit is available outside a limited group of attackers. The latest .ANI file vulnerability in Windows 2000, Windows XP, Windows Server 2003, and Windows Vista is just such an example. The vulnerability in Windows Animated Cursor Handling was a zero-day only until it became public, when McAfee revealed that it had detected attacks targeting the flaw.

"An unknown quantity of zero-day vulnerabilities exists at any given moment, but once they're exposed to the light they cease to be zero-day vulnerabilities. We can't speculate on unknown zero-days because our data includes only those vulnerabilities that we know about. This means that we have to concentrate on zero-day vulnerabilities that have been 'outed.' It is also an 'in the wild' vulnerability because active exploitation is what makes zero-day vulnerabilities a concern," McKinney added.

The general tendency of the threat landscape has been to shift from public, indiscriminate attacks to targeted exploits. Zero-days are simply the next step in that evolution of the threat environment, and Windows Vista is the operating system that will come under this anonymous fire. "I don't think we can ever have a definitive answer about the number of unknown zero-day exploits that are disseminating in the wild at any given time. My gut tells me that they've been out there for some time and are probably more prevalent than the data indicates. We can extrapolate from the hard data that they are on the rise because public incidents are more common," McKinney concluded.