Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW
$ 70.99|https://store.pandasecurity.com/300/purl-dome-y?currencies=USS&x-track=55499&cart=iA01YPDA0S01&language=en&quantity=1&enablecoupon=false&coupon=1STMOFFPD&x-coupon=1STMOFFPD&x-market=usa&x-track=190884|$ 53.24|$;PREFIX;.;,;70;99;53;24

What is an exploit?

An exploit is an IT program, software or a command sequence that takes advantage of an error or vulnerability to provoke certain behavior in software, hardware or any electronic device.

Such behavior includes, in general, taking control of a system, granting of administrator privileges to an intruder or launching denial of service attacks (DoS or DDoS).

Types of exploits

A remote vulnerability spreads via a network and exploits security flaws without having prior access to the compromised system.

On the other hand, a local vulnerability does need for there to have been prior access to the vulnerable system, normally with the intention of increasing the privileges of the person who will launch the exploit.

There are also specific exploits against client applications (those that require contact with a server) that normally begin by configuring the server to launch the exploit onto a computer. Vulnerabilities on client applications may also require certain interaction with users, and are sometimes used along with social engineering to trick the victims of the attack.

Zero-day exploits

Zero-day exploits are security holes in software that were undiscovered prior to the attack. From the moment of the first attack until the time when the vulnerability is resolved, there is a period when hackers can exploit it to gain the maximum possible impact on programs, data, other computers or the entire network.

Exploits that target this type of vulnerability are therefore called zero-day exploits. The greater the attack scope and the fewer days that have passed since the zero-day, the more probable it is that no solution or workaround will have been developed and the damage will be more extensive.

Even after the fix has been developed, initially not all users will have applied it. The case of WannaCry was a paradigm in this sense: the malware used a Windows exploit developed by the US Security Agency and previously exposed by WikiLeaks.

The problem was initially corrected by Microsoft with a patch, but all computers that had not updated in the following days were still vulnerable. As computers that had not been used over the weekend started up on Monday, a second wave of propagation began.

Hidden threat

When an exploit is made public, the software developers take action: the vulnerability is fixed -often with a patch- and the exploit is rendered unusable. For this reason some black hat hackers, as well as hackers working for the military or intelligence services, do not release details of these exploits in order that they can continue to use them.

Many exploits are designed to provide system access to administrators or superusers. However, it is also possible that hackers can take advantage of exploits to the same end: initially to obtain low level access, then repeatedly gaining higher privileges until they have the highest level of administrator rights (also called root level).

NEXT-GENERATION ANTIVIRUS

PANDA DOME

Keep all your devices safe with Panda Dome antivirus and anti-malware.

Subscribe now and secure an unlimited* number of devices: from laptops to smartphones, tablets and smartwatches.

Protect yourself with Panda Security