  • How long has it been since we had a patched 0day that jumped up and bit us?

    Posted on May 12th, 2020 at 11:33 by woody

    I’m in the middle of a Tweetstorm – par for the course – but had an interesting response to one of my standard questions. The question goes like this:

    Can you tell me one, single, zero day patch that resulted in mainstream malware within, let’s say, a few weeks of release? Just one.

    I got a well-researched response. (Most of them are long on accusations and short on research – and make for amusing reading.) Here’s the list:

    • WannaCry
    • Blaster
    • Sasser

    To my mind, the best feedback I get is from people who take the time to think through their positions and come up with cogent arguments. That list prompted me to go back and check what really happened. Here’s what I found:

    • WannaCry/EternalBlue – patched April 11, 2017. Exploited May 12, 2017. More than a month from patch to exploit – and it was a bad exploit! UPDATE: Andy Greenberg at Wired just published an excellent story about Marcus Hutchins, the guy who corralled WannaCry.
    • Blaster – patched May 28, 2003. Exploited August 11, 2003. Almost three months.
    • Sasser – patched April 13, 2004. Exploited April 30, 2004. Two weeks to exploit, and that’s scary. But it was 16 years ago.

    Have I missed something? Can you find a zero-day exploit that was patched, and then widely exploited within a few weeks of the patch?