A Zero-Day Attack exploits a security vulnerability for which no patch exists. The term means developers have had zero days to address the flaw — it may even be unknown to them when exploitation begins.

The Window of Exposure — Five Phases

Phase	Description
Pre-Discovery	Vulnerability exists but no one has identified it
Discovery	Identified but not yet announced
Announcement	Publicly disclosed — attackers become aware
Exploit	Automated exploit code published
Patch	Vendor releases a fix

Real-World Example: PowerPoint Zero-Day

Malicious .ppt files exploited a memory-access error in Microsoft PowerPoint 2000–2003 and Office 2004 for Mac, allowing remote code execution with the logged-in user’s privileges. Microsoft recommended using the Office Isolated Conversion Environment (MOICE) as an interim workaround.

Zero-Day Protection Architecture

• Protocol Anomaly Detection — blocks traffic not conforming to protocol standards.
• Pattern Matching — removes high-risk file types by inspecting full packet payloads.
• Behaviour Analysis — identifies suspicious behaviours including DoS, DDoS, and port scans.

Defence Recommendations

• Apply the Principle of Least Privilege for all user access controls.
• Restrict active code (JavaScript, ActiveX) execution in browsers.
• Use Group Policy Objects in Active Directory to limit user access.
• Do not rely solely on antivirus — zero-day exploits evade signature detection until new signatures are released.