Page 1208 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
patch for a problem they do not consider serious. Attacks exploiting
the vulnerability during this time are often called zero-day exploits
because the public does not know about the vulnerability.
Vendor Releases Patch
Once a patch is developed and released,
patched systems are no longer vulnerable to the exploit. However,
organizations often take time to evaluate and test a patch before
applying it, resulting in a gap between when the vendor releases the
patch and when administrators apply it. Microsoft typically releases
patches on the second Tuesday of every month, commonly called
“Patch Tuesday.” Attackers often try to reverse-engineer the patches to
understand the vulnerabilities they fix, and then exploit those vulnerabilities
on still-unpatched systems the next day, commonly
called “Exploit Wednesday.” Some people refer to attacks the day after
the vendor releases a patch as a zero-day attack. However, this usage
isn’t as common. Instead, most security professionals consider this as
an attack on an unpatched system.
If an organization doesn’t have an effective patch
management system, they can have systems that are vulnerable to
known exploits. If an attack occurs weeks or months after a vendor
releases a patch, this is not a zero-day exploit. Instead, it is an
attack on an unpatched system.
Methods used to protect systems against zero-day exploits include
many of the basic preventive measures. Ensure that systems are not
running unneeded services and protocols to reduce a system’s attack
surface, enable both network-based and host-based firewalls to limit
potentially malicious traffic, and use intrusion detection and
prevention systems to help detect and block potential attacks.
Additionally, honeypots and padded cells give administrators an
opportunity to observe attacks and may reveal an attack using a zero-
day exploit. Honeypots and padded cells are explained later in this
chapter.
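The first two preventive measures above (removing unneeded services and enabling a host-based firewall) both start from an inventory of what a host is actually listening on. The following Python script is an added example, not code from the study guide: it parses output in the shape of Linux `ss -tlnp`, compares the listeners against an allowlist for the host's role, and reports services that should not be there plus the public ports a default-deny host firewall would need to permit. The sample `ss` output, the `web` role and its allowlist are all constructed for this example.

```python
"""Audit listening sockets against a per-role allowlist (added example).

Parses `ss -tlnp`-style output, flags listeners that the host's role does
not need (attack-surface reduction), and derives the set of public ports a
default-deny host firewall should allow. Sample data below is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of `ss -tlnp` on Linux. Process names,
# PIDs and ports are invented for this example.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=950,fd=5))
LISTEN  0       50      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=1337,fd=4))
LISTEN  0       128     [::]:111             [::]:*             users:(("rpcbind",pid=402,fd=4))
"""

# Constructed allowlist: (port, process) pairs a host of each role may expose.
# Everything not listed is treated as an unneeded service to review.
ALLOWLIST = {
    "web": {(22, "sshd"), (443, "nginx"), (5432, "postgres")},
}


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str


# Matches LISTEN rows: local addr:port, peer addr:port, optional process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


def parse_ss(output):
    """Return the Listener entries found in `ss -tlnp`-style text."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a non-LISTEN socket
        listeners.append(
            Listener(m.group("addr"), int(m.group("port")), m.group("proc") or "?")
        )
    return listeners


def is_public(listener):
    """True if the socket is bound to something other than loopback."""
    return not listener.address.startswith(("127.", "[::1]"))


def unneeded_listeners(listeners, role, allowlist=ALLOWLIST):
    """Listeners not on the role's allowlist: candidates for removal."""
    allowed = allowlist.get(role, set())
    return [l for l in listeners if (l.port, l.process) not in allowed]


def allowed_public_ports(listeners, role, allowlist=ALLOWLIST):
    """Sorted public ports a default-deny host firewall must open for this role.

    Loopback-only services (e.g. the local database) need no inbound rule.
    """
    allowed = allowlist.get(role, set())
    return sorted({
        l.port for l in listeners
        if (l.port, l.process) in allowed and is_public(l)
    })


def report(output, role):
    """Human-readable summary; returns the text so callers can log or test it."""
    listeners = parse_ss(output)
    lines = [f"role={role}: {len(listeners)} listening sockets"]
    for l in unneeded_listeners(listeners, role):
        scope = "PUBLIC" if is_public(l) else "loopback"
        lines.append(f"  REVIEW  {l.address}:{l.port}  {l.process}  ({scope})")
    lines.append("  firewall allow (inbound TCP): "
                 + ", ".join(map(str, allowed_public_ports(listeners, role))))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SS_OUTPUT, "web"))
```

On a real host you would feed the script the live output of `ss -tlnp` (and a UDP pass with `-ulnp`) and keep one allowlist per server role under version control; a listener that appears without a matching allowlist entry is either a change that needs documenting or a service to disable.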
Malicious Code
Malicious code is any script or program that performs an unwanted,