About Services

Introduction to Security Patch Analysis Reporting Services


Cyber Threat Trends

The term "zero-day vulnerability" refers to a software vulnerability that attackers exploit before the software vendor becomes aware of it and releases a fix or patch. Zero-day vulnerabilities are quickly detected and patched by the anomaly detection systems and threat intelligence systems of global vendors such as Microsoft and Google.

In contrast, an N-day vulnerability is a known vulnerability for which a patch or fix is available, but the organization has not yet taken the appropriate steps to apply the patch, leaving the system exposed to potential exploitation. Google's Threat Intelligence Team announced in their Threat Trends Report that, on average, vulnerabilities are exploited within six months after a patch is released. Threat actors continue to prioritize using documented vulnerabilities over discovering new ones because analyzing already patched vulnerabilities can effectively reduce attack costs.



N-day Exploitation Timeline


As the number of newly discovered and disclosed vulnerabilities increases each year, organizations face growing challenges in determining effective patch prioritization strategies to genuinely lower exploitation risks. While predicting which vulnerabilities will be exploited remains difficult, understanding the trends of newly discovered vulnerabilities and recognizing high-impact attack surfaces can help prioritize cyber threat responses and set patch timeframes for specific vendors or products. Though it may not prevent all impacts, understanding commonly targeted and likely-to-be-exploited vulnerabilities increases the chances of limiting or preventing damage from exploitation of vulnerable systems.


Our Mission

We provide ongoing reports on security patch analysis and Proof of Concept (PoC) for operating system and software vulnerabilities. This service is based on high-impact vulnerabilities that have not been publicly disclosed. The vulnerability patch analysis report helps security managers and vulnerability researchers understand influential attack surfaces.

Additionally, by providing PoC code, we offer a comprehensive understanding of how the input vectors causing vulnerabilities affect software code coverage, enabling precise actions to be taken against vulnerabilities. Our goal is to support vulnerability researchers and security engineers in quickly understanding and recognizing high-risk vulnerabilities before they are exploited by threat actors, ensuring timely responses. This means our reports and PoC code are typically provided within one month of the patch release.


Report Sample

Scope

The scope of our security patch analysis service focuses on the most widely exploited software vendor products. As many cyber threat trend reports indicate, vulnerabilities in many open-source software projects, including those from Microsoft and Google, pose significant cyber threats. Among the numerous patches regularly released by each vendor (some vendors, like Microsoft, have scheduled patch days such as Patch Tuesday), we select high-impact vulnerabilities for analysis based on the Common Vulnerability Scoring System (CVSS) metrics.

Common Vulnerability Scoring System (CVSS) metrics

- Exploitability Metrics

  Attack Vector + Attack Complexity + Privileges Required + User Interaction

- Scope

- Impact

We also provide patch analysis reports for attack surfaces with a large number of released patches. If a large number of patches are released at the same time through the same attack vector, it indicates a new threat trend. Additionally, we address severe threat vulnerabilities found in the wild (ITW). However, if more detailed references and PoC code are available elsewhere, we will not include them in our report service. Our service primarily provides analysis reports on non-public vulnerability patches and PoC code to trigger vulnerabilities.


Please read these Terms of Service carefully before registering for the PATCHPOINT website and services. These Terms of Service ("Agreement") govern your access to and use of the patchpoint.io website and paid content. By using PATCHPOINT's website and paid content, you ("Service Subscriber") agree to accept and be bound by these terms, forming a binding contract between you and PATCHPOINT as described below.


Relationship with PATCHPOINT

1.a. Your use of PATCHPOINT's services and website (collectively referred to as "Services" unless explicitly excluded under a separate written agreement with PATCHPOINT) is governed by the legal terms of this Agreement between you and PATCHPOINT. This document explains how the contract is formed and specifies some of its terms.

1.b. Unless otherwise agreed in writing, this Agreement includes at a minimum the terms set out in this document. This legal Agreement is referred to as the "Terms."


Acceptance of Terms

2.a. To use the Services, you must first agree to the Terms. You cannot use the Services if you do not agree to the Terms.

2.b. You can accept the Terms by (A) clicking to agree or accept the Terms when provided by PATCHPOINT in the user interface or (B) actually using the Services. In this case, you understand and agree that PATCHPOINT will treat your use of the Services as acceptance of the Terms from that point onwards.

2.c. You may not use the Services or accept the Terms if you (a) are not of legal age to form a binding contract with PATCHPOINT, or (b) are a person barred from receiving the Services under the laws of the United States or other countries, including the country in which you reside or from which you use the Services.

2.d. A copy of these Terms will be emailed to you upon subscription for record-keeping purposes, and you are encouraged to print or save a local copy.


Language of the Terms

3.a. If PATCHPOINT provides a translation of the English version of the Terms, it is for your convenience only. The English version governs your relationship with PATCHPOINT.

3.b. In case of any discrepancies between the English version and the translated version, the English version takes precedence.


Payments and Refunds

4.a. Taxes. Paid subscription service users are responsible for all sales, use, and other similar taxes arising from the use of PATCHPOINT products, excluding taxes based on PATCHPOINT's income or profits.

4.b. Payment Delinquency. If payments are delinquent, your access to PATCHPOINT products will be terminated.

4.c. Subscribers acknowledge and agree that PATCHPOINT is not obligated to refund any service fees if the relationship ends due to the subscriber's willful or negligent actions as outlined in Sections 6, 7, 8, 9, and 10.

4.d. PATCHPOINT is not obligated to refund service fees for cancellations due to the subscriber's change of mind during the subscription period.


Provision of Services by PATCHPOINT

5.a. PATCHPOINT may have subsidiaries and affiliated legal entities ("Subsidiaries and Affiliates") that provide the Services on its behalf. You acknowledge and agree that these entities are entitled to provide the Services to you.

5.b. PATCHPOINT continually strives to improve its Services. You acknowledge and agree that the form and nature of the Services may change from time to time without prior notice.

5.c. As part of ongoing innovation, PATCHPOINT may stop (permanently or temporarily) providing the Services (or any features within the Services) to you or users generally at PATCHPOINT's sole discretion, without prior notice. You may stop using the Services at any time, without needing to inform PATCHPOINT.

5.d. If PATCHPOINT disables access to your account, you may be prevented from accessing the Services, your account details, or any files or other content contained in your account.


Your Use of the Services

6.a. To access certain Services, you may be required to provide information about yourself (such as identification or contact details) as part of the registration process or as part of your continued use of the Services. You agree that any registration information you give to PATCHPOINT will always be accurate, correct, and up to date.

6.b. You agree to use the Services only for purposes permitted by (a) the Terms and (b) any applicable laws, regulations, or generally accepted practices or guidelines in relevant jurisdictions.

6.c. You agree not to access (or attempt to access) the Services by any means other than through the interface provided by PATCHPOINT unless you have been specifically allowed to do so in a separate agreement. Specifically, you agree not to use automated means (including scripts or web crawlers) to access the Services.

6.d. You agree not to engage in any activity that interferes with or disrupts the Services or the servers and networks connected to the Services.

6.e. Unless you have a separate written agreement with PATCHPOINT or are specifically permitted to do so, you agree not to reproduce, duplicate, copy, sell, trade, or resell the Services for any purpose.

6.f. You are solely responsible for (and PATCHPOINT has no responsibility to you or any third party for) any breach of your obligations under the Terms and for the consequences of such breach (including any loss or damage PATCHPOINT may suffer).

6.g. You acknowledge and agree that if you use PATCHPOINT's information or materials, you must attribute the use to PATCHPOINT. Additionally, any reference materials that include or are based on PATCHPOINT information must clearly indicate PATCHPOINT's ownership and copyright.

6.h. If you have been granted academic or research access to your PATCHPOINT account, you acknowledge that such services are for non-commercial research and academic use only, and cannot be used for any commercial activities unless specifically authorized.

6.i. If you have academic or research access, you must be affiliated with an academic or research institution and use an institutional email address for registration. You cannot change the associated email address, and PATCHPOINT may disable your account if any modification attempts are detected.


Password and Account Security

7.a. You are responsible for maintaining the confidentiality of passwords associated with any account you use to access the Services.

7.b. You agree to be solely responsible to PATCHPOINT for all activities that occur under your account.

7.c. If you become aware of any unauthorized use of your password or account, you agree to notify PATCHPOINT immediately.

7.d. PATCHPOINT may suspend or cancel your account if unauthorized sharing or access to materials is detected.


Ownership

8.a. You acknowledge and agree that PATCHPOINT (or PATCHPOINT's licensors) owns all legal rights, titles, and interests in and to the Services, including any intellectual property rights which subsist in the Services (whether registered or not, and wherever in the world those rights may exist). You also acknowledge that the Services may contain information designated as confidential by PATCHPOINT and that you will not disclose such information without PATCHPOINT's prior written consent.

8.b. Unless you have agreed otherwise in writing with PATCHPOINT, nothing in the Terms gives you a right to use any of PATCHPOINT's trade names, trademarks, service marks, logos, domain names, and other distinctive brand features.

8.c. If you have been given explicit permission to use any of these brand features, you agree to use them in accordance with the Terms and any guidelines provided by PATCHPOINT.

8.d. PATCHPOINT acknowledges and agrees that it obtains no right, title, or interest from you (or your licensors) under these Terms in or to any content you submit, post, transmit, or display on, or through, the Services, including any intellectual property rights. Unless otherwise agreed in writing, you are responsible for protecting and enforcing those rights, and PATCHPOINT has no obligation to do so on your behalf.

8.e. You agree not to remove, obscure, or alter any proprietary rights notices (including copyright and trademark notices) that may be affixed to or contained within the Services.

8.f. Unless expressly authorized in writing by PATCHPOINT, you agree not to use any trade name, trademark, service mark, logo, or other distinctive brand feature of any company or organization in a way that is likely to cause confusion about the owner or authorized user of such marks.


Content in the Services

9.a. You understand that all information (such as data files, written text, computer software, or other images) which you may have access to as part of, or through your use of, the Services is the sole responsibility of the person from whom such content originated. This information is referred to as "Content."

9.b. Unless you have been expressly permitted to do so in a separate agreement with PATCHPOINT, you agree not to modify, rent, lease, loan, sell, distribute, or create derivative works based on this Content (either in whole or in part).

9.c. PATCHPOINT reserves the right (but shall have no obligation) to pre-screen, review, flag, filter, modify, refuse, or remove any or all Content from any Service.

9.d. Commercially available services and software can restrict access to materials that you may find objectionable.

9.e. You understand that by using the Services, you may be exposed to Content that you find offensive or objectionable and that, in this respect, you use the Services at your own risk.

9.f. You are solely responsible for any Content you create, transmit, or display while using the Services and for the consequences of your actions (including any loss or damage PATCHPOINT may suffer).


Termination of Relationship with PATCHPOINT

10.a. These Terms will continue to apply until terminated by either you or PATCHPOINT as set out below.

10.b. If you want to terminate your legal agreement with PATCHPOINT, you may do so by (a) notifying PATCHPOINT at any time at official@patchpoint.io and (b) closing your accounts for all of the Services which you use, where PATCHPOINT has made this option available to you.

10.c. PATCHPOINT may at any time terminate its legal agreement with you if (A) you have breached any provision of the Terms (or have acted in a manner that clearly shows you do not intend to, or are unable to comply with, the provisions of the Terms); (B) PATCHPOINT is required to do so by law (for example, where the provision of the Services to you is or becomes unlawful); (C) the partner with whom PATCHPOINT offered the Services to you has terminated its relationship with PATCHPOINT or ceased to offer the Services to you; (D) PATCHPOINT is transitioning to no longer providing the Services to users in the country in which you are resident or from which you use the Services; or (E) the provision of the Services to you by PATCHPOINT is, in PATCHPOINT's opinion, no longer commercially viable.


Exclusion of Warranties

11.a. You expressly understand and agree that your use of the Services is at your sole risk and that the Services are provided "as is" and "as available."

11.b. In particular, PATCHPOINT, its Subsidiaries and Affiliates, and its licensors do not represent or warrant to you that (a) your use of the Services will meet your requirements, (b) your use of the Services will be uninterrupted, timely, secure, or free from error, (c) any information obtained by you as a result of your use of the Services will be accurate or reliable, and (d) that defects in the operation or functionality of any software provided to you as part of the Services will be corrected.

11.c. Any material downloaded or otherwise obtained through the use of the Services is done at your discretion and risk, and you are solely responsible for any damage to your computer system or other device or loss of data that results from downloading any such material.

11.d. No advice or information, whether oral or written, obtained by you from PATCHPOINT or through or from the Services shall create any warranty not expressly stated in the Terms.

11.e. PATCHPOINT further expressly disclaims all warranties and conditions of any kind, whether express or implied, including, but not limited to the implied warranties and conditions of merchantability, fitness for a particular purpose, and non-infringement.


Limitation of Liability

12.a. You expressly understand and agree that PATCHPOINT, its Subsidiaries and Affiliates, and its licensors shall not be liable to you for (a) any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, data, or other intangible losses (even if PATCHPOINT has been advised of the possibility of such damages), resulting from: (i) the use or the inability to use the Services; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information, or services purchased or obtained or messages received or transactions entered into through or from the Services; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third party on the Services; or (v) any other matter relating to the Services.

12.b. The limitations on PATCHPOINT's liability to you in paragraph 12.a above shall apply whether or not PATCHPOINT has been advised of or should have been aware of the possibility of any such losses arising.


Other Content

13.a. The Services may include hyperlinks to other websites or content or resources. PATCHPOINT may have no control over any websites or resources which are provided by companies or persons other than PATCHPOINT.

13.b. You acknowledge and agree that PATCHPOINT is not responsible for the availability of any such external sites or resources, and does not endorse any advertising, products, or other materials on or available from such websites or resources.

13.c. You acknowledge and agree that PATCHPOINT is not liable for any loss or damage


Changes to the Terms

14.a. PATCHPOINT reserves the right to modify the Terms at any time.

14.b. You understand and agree that if you use the Services after the date on which the Terms have changed, PATCHPOINT will treat your use as acceptance of the updated Terms.