A patch in time helps in preventing exploits. At the time of writing this article, the POODLE vulnerability was the biggest vulnerability known to people which made SSL 3.0 prone to exploits.
What are Exploits
Exploits are based on vulnerabilities – before they are patched. They allow hackers and attackers to run malicious code on your computer, without you even bing aware of it. The common Exploits our in Java, Doc & PDF documents, JavaScript and HTML. One can define exploits as: Thus, it is clear that “exploits” follow “vulnerabilities”. If a web criminal detects a vulnerability in any of the products on the Internet or elsewhere, she or he may attack the system containing the vulnerability to gain something or to deprive authorized users of using the product properly. Zero-day vulnerability is a hole in software, firmware or hardware that is not yet known to the user, vendor or developer, and is exploited by hackers, before a patch for it is issued. Such attacks are called Zero-day exploits.
What are Exploit Kits
Exploit Kits are malicious toolkits that can be used to exploit vulnerabilities or security holes found in software and services. In short, they help you exploit vulnerabilities. These exploit kits contain a good GUI interface to help even average users of the computer and Internet to target different vulnerabilities. Such kits are these days available freely on the Internet and come with Help documents so that the buyers of the service can use the kits effectively. They are illegal but are yet available and security agencies cannot do much about it, as the buyers and sellers go anonymous. Exploit kits are readily available on the Internet. You need not go into the Darknet or Deepnet to purchase an exploit kit as standalone software or as a SaaS (software as a service). Though it is much available in the Darknet, payments are to be made in an electronic currency such as the Bitcoins. There are many malicious hacker forums on the normal Internet that sell the exploit kits as a whole or as a service. According to Microsoft, The exploit kits are constantly upgraded – to eliminate vulnerabilities that have been patched and to add new exploits for new vulnerabilities. It is a pity that the web criminals find out vulnerabilities before the software vendors and developers do it. This makes it a high-income business that lures many into purchasing the kits and exploiting the different products for their own advantage. The main software targeted are Windows, Java, Internet Explorer, Adobe Flash, etc – possibly due to their immense popularity and usage. Apart from keeping your operating system and installed software up-to-date at all times and installing a good Internet security software, tools like SecPod Saner Free can help you identify and patch vulnerabilities and protect yourself against such attacks.