New site offers zero-day tracker

eEye site, launched Tuesday, tracks publicly released unpatched security bugs and offers suggestions for protecting against them.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
eEye Digital Security has launched a Web site that tracks publicly released security bugs that don't have an official patch, also known as zero-day flaws.

The new eEye Zero-Day Tracker Web site on Tuesday listed seven zero-day vulnerabilities, six of which affect Microsoft software and one related to Adobe Systems' Acrobat. For each of the problems, eEye suggests steps people can take to protect against exploitation of the flaws.

"More zero-day security vulnerabilities and attacks are being discovered every day," Marc Maiffret, eEye's chief technology officer, said in a statement. "We've been overwhelmed by requests from our customers to give them the information and time they need to protect their networks."

Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also track unpatched flaws. However, these companies don't offer a simple overview of all zero-days. Secunia lists them by product, for example.

There has been an apparent increase this year in the use of new, yet-to-be-patched flaws in targeted cyberattacks. Cybercrooks have found that they could take advantage of Microsoft's monthly patch cycle by timing new attacks right after the software maker releases its fixes.

Microsoft's patch day is on the second Tuesday of each month, and the company doesn't break its cycle unless an attack has a widespread impact. As a result, security experts have coined the term "Zero-day Wednesdays."

Flaws in Office applications especially seem to be favored by the bad guys. Microsoft and security companies have repeatedly had to issue warnings this year about new, small-scale attacks that exploit yet-to-be-plugged security holes in applications such as Word, PowerPoint and Excel.