Analysts: 'Less than zero-day' threats often overlooked

26.10.2006
Attacks that target publicly unknown vulnerabilities continue to pose a silent and growing problem for companies. But the response to those threats has been largely misguided because of certain misconceptions about them, analysts said.

Zero-day exploits these days are generally defined as attacks that target publicly known but still-unpatched vulnerabilities. Examples of such threats include an object tag flaw in Microsoft Corp.'s Internet Explorer Web browser made public in April and the more recent Vector Markup Language (VML) vulnerability in IE. Both were considered zero-day threats because they were publicly disclosed, and exploited, before Microsoft had a chance to issue patches.

"According to accepted wisdom, organizations face the greatest danger when an attack or exploit targeting [such vulnerabilities] is verified in the wild," said Alan Shimel, chief strategy officer at StillSecure in Superior, Colo.

While that danger is obvious, it is equally important that companies remain on guard for undisclosed vulnerabilities or "less than zero-day" flaws that are unknown to anybody but attackers, Shimel said. Typically, such flaws are discovered only after they have been successfully exploited in an attack and are much harder to detect and stop using most standard antimalware tools, he said.

"People now think of zero day as the time [between] when a vulnerability becomes known to when a patch becomes available," Shimel said, adding that companies still tend to rely on patches and similar fixes to address the problem.

The definition of zero-day exploits does not generally include unknown vulnerabilities that also exist and are already being quietly exploited. "Somewhere along the line, our definition of a zero-day attack got changed" to mean only those vulnerabilities that have been made public, Shimel said. "It's time to put the emphasis back on the unknown attacks out there."