When applications or software are created, they may contain vulnerabilities. It is nearly impossible to find every vulnerability in an application, and this is an accepted fact. Considerable time and effort are required to search for vulnerabilities, and even then they may not be visible to the analyst or developer. When cyber criminals develop malware that exploits a vulnerability in code before the developer identifies it and releases a fix, it is called a zero-day exploit.
In the Windows 10 OS, Microsoft has introduced exploit mitigation and layered detection techniques to prevent zero-day exploits, strengthening the platform's security framework. Microsoft has also enhanced the security of its Edge browser by adding a virtualized isolation layer. Microsoft is endeavoring to prevent cyber attacks by adding more defensive layers and techniques that limit the effects of exploits.
Cyber criminals typically initiate campaigns through spear phishing attacks. Google's Threat Analysis Group had earlier identified a spear phishing malware campaign that exploited zero-day vulnerabilities in Adobe Flash. In that campaign, a 'type-confusion' vulnerability in Win32k.sys was used to gain elevated privileges. Microsoft has issued patches for this vulnerability, which affects Windows OS versions that do not have the Anniversary Update.
Many other exploits have tried to gain elevated privileges in order to install further malware such as backdoors, spyware, and trojans. With the introduction of the Windows 10 Anniversary Update, Microsoft seems to have overcome many zero-day exploits.
However, a more dependable and secure system is needed to thwart zero-day exploits. Prevention is better than cure. A technology that blocks every new malicious application attempting to infect the system is required. While this can be achieved through containment (running all unknown applications in a contained virtual environment), it is also necessary to protect mission-critical applications on enterprise servers and network systems through containerization. Comodo has been at the forefront of providing web security, and its SecureBox Containerization technology protects mission-critical applications and data, which helps mitigate the effects of zero-day exploits. Even if a system does get infected, the malware would not be able to infect any applications or data that have been containerized.