• How long has it been since we had a patched 0day that jumped up and bit us?

    I’m in the middle of a Tweetstorm – par for the course – but had an interesting response to one of my standard questions. The question goes like this:

    Can you tell me one, single, zero day patch that resulted in mainstream malware within, let’s say, a few weeks of release? Just one.

    I got a well-researched response. (Most of them are long on accusations and short on research – and make for amusing reading.) Here’s the list:

    • WannaCry
    • Blaster
    • Sasser

    To my mind, the best feedback I get is from people who take the time to think through their positions and come up with cogent arguments. That list prompted me to go back and check what really happened. Here’s what I found:

    • WannaCry/EternalBlue – patched April 11, 2017. Exploited May 12, 2017. More than a month from patch to exploit – and it was a bad exploit! UPDATE: Andy Greenberg at Wired just published an excellent story about Marcus Hutchins, the guy who corralled WannaCry.
    • Blaster – patched May 28, 2003. Exploited August 11, 2003. Almost three months.
    • Sasser – patched April 13, 2004. Exploited April 30, 2004. Two weeks to exploit, and that’s scary. But it was 16 years ago.

    Have I missed something? Can you find a zero-day exploit that was patched, and then widely exploited within a few weeks of the patch?