Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists. Even a couple of years ago, zero-day exploits were pretty rare. They have become a very serious threat to information security. Many of these zero-day flaws reside in browsers and popular 3rd party applications. In November 2009 alone, Microsoft announced zero-day flaws in IE 6 and 7 and a Windows 7 zero-day vulnerability. Zero day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS as well.
We got such a great response to a guest contribution by Perimeter CTO Kevin Prince over at our Network Security Edge site about his views on the top threats for this year that we asked him if we could use the information as the basis of this quick presentation.
You'll get a lot of useful info by clicking through these slides, but we strongly encourage you to check out Prince's full analysis of 2009's trends and his thoughts on the threats, both growing and persistent, facing your network.