Zero-Day Exploits: What They Are and Why Phishing Often Delivers Them
Not all cybersecurity jargon is worth decoding, but "zero-day exploit" is one that every business owner should understand — because it's one of the most dangerous categories of attack, and phishing is its most common delivery method.
What is a zero-day exploit?
A zero-day vulnerability is a security flaw in software that is unknown to the vendor. Because the vendor doesn't know about it, there's no patch or fix yet. Attackers who discover these flaws can exploit them freely until a fix is developed and deployed.
The "zero-day" part refers to the number of days the software vendor has had to fix it: zero.
Why are they dangerous?
Normal security advice is "keep your software updated." Zero-day exploits bypass this entirely — because even fully up-to-date software has unknown vulnerabilities. There's nothing you can update to because no patch exists yet.
How does phishing deliver zero-day exploits?
Zero-day exploits are often weaponised through:
- Malicious email attachments containing documents or files that exploit vulnerabilities in common software (Microsoft Office, Adobe Reader, etc.)
- Phishing links to malicious websites that exploit browser vulnerabilities just by visiting the page (drive-by download)
- Phishing emails that trick users into enabling macros in documents, which then exploit vulnerabilities in the system
The attacker doesn't need you to install software. They just need you to open a file or visit a page — and the exploit does the rest silently.
Real-world impact
Zero-day exploits are primarily used by sophisticated attackers — nation-state actors, advanced criminal groups, or corporate espionage operations. For most Australian SMBs, this level of threat is unlikely. However, zero-day exploits do eventually become widely known and get incorporated into lower-level attack tools.
The most famous example: the WannaCry ransomware that affected hundreds of thousands of computers globally used a zero-day exploit that had been stolen from the NSA.
What can you actually do about zero-days?
You can't patch what doesn't have a patch. But you can reduce your exposure:
- Don't open unexpected attachments. Zero-day exploits via documents require you to open the document. Not opening it prevents the exploit.
- Keep software as up to date as possible. Vendors release patches quickly once vulnerabilities are discovered, and the time between a patch's release and your installing it is a window of exposure.
- Use email security tools that sandbox attachments — opening them in a secure environment to check for malicious behaviour before delivering them to you.
- Restrict macro execution in Microsoft Office across your organisation.
- Apply the principle of least privilege. If an exploit does execute, it can only do what the logged-in user is allowed to do, so limiting admin privileges limits the damage.
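Two of the items above (restricting Office macros and limiting admin rights) can be checked on a Windows machine. The following PowerShell script is an added example, not code from the original article: it reads the standard Office 2016+ Group Policy values that control macro execution (VBAWarnings and blockcontentexecutionfrominternet under the per-user Policies key) for Word, Excel and PowerPoint, and reports whether the current session holds administrator rights. The list of applications, the Office version path (16.0) and the definition of "restricted" are assumptions you may need to adjust for your environment.

```powershell
# Added example (not from the original article): audit the Office macro policy
# values written by Group Policy for the current user, and report whether the
# session you are reading email in holds administrator rights.
# Assumptions: Office 2016/2019/365 (policy path "16.0"), and that Word, Excel
# and PowerPoint are the apps that matter to you.

$OfficeApps = @('Word', 'Excel', 'PowerPoint')
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Get-OfficeMacroPolicy {
    param([Parameter(Mandatory)][string]$App)

    $key   = Join-Path $PolicyRoot "$App\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # VBAWarnings: 1 = enable all macros, 2 = disable with notification,
    # 3 = disable all except digitally signed, 4 = disable all without notification.
    $vba = if ($props -and $null -ne $props.VBAWarnings) { [int]$props.VBAWarnings } else { $null }

    # blockcontentexecutionfrominternet: 1 = block macros in files that carry the
    # "downloaded from the internet" mark (typical of email attachments).
    $motw = if ($props -and $null -ne $props.blockcontentexecutionfrominternet) {
        [int]$props.blockcontentexecutionfrominternet
    } else { $null }

    [pscustomobject]@{
        App                 = $App
        VBAWarnings         = $vba
        BlockInternetMacros = $motw
        # Our definition of "restricted" (an assumption): unsigned macros cannot run
        # AND internet-sourced macros are blocked. A missing policy counts as not restricted.
        Restricted          = ($vba -in 3, 4) -and ($motw -eq 1)
    }
}

function Test-SessionIsElevated {
    # Checks the effective token of this PowerShell process. Under UAC, an admin
    # account running a normal (non-elevated) session reports $false here, which is
    # exactly what you want for day-to-day email and document work.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$report = $OfficeApps | ForEach-Object { Get-OfficeMacroPolicy -App $_ }
$report | Format-Table -AutoSize

if ($report.Restricted -contains $false) {
    Write-Warning 'At least one Office app still allows unsigned or internet-sourced macros. Deploy the VBAWarnings and blockcontentexecutionfrominternet policies via Group Policy.'
} else {
    Write-Host 'Macro policy is restricted for all audited Office apps.'
}

if (Test-SessionIsElevated) {
    Write-Warning 'This session is running with administrator rights: an exploit that runs here inherits them. Use a standard account for email and documents.'
} else {
    Write-Host 'Standard (non-elevated) session: an exploit would be limited to this user''s rights.'
}
```

Run it as the user who normally reads email, not from an elevated prompt, so the second check reflects real working conditions. The values it reads are set centrally through Group Policy (or Intune); the script only verifies that the policy has actually reached the workstation, which is the part that is easy to assume and rarely checked.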
Think you can spot a phish?
Put your knowledge to the test with the Phishbate interactive quiz. It only takes a few minutes.