Zero-day are exploited on a massive scale in increasingly shorter timeframes
According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide.
The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability and remarked on the importance of the patch management process.
“As cyber threat actors—both nation state and criminal—become more adept at leveraging these vulnerabilities, we have observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability. This makes it essential that organizations patch exploits immediately.” reads the report. Microsoft noted that it only takes 14 days on average for the exploitation of the flaw in the wild after its public disclosure, and it takes 60 days for the release of the exploit code on GitHub.