Definition

What is a computer exploit?

Brien Posey

By

Brien Posey

Published: Jul 26, 2024

A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system. Threat actors commonly use exploits to gain access to target systems, where they might introduce malware or take other actions, usually with malicious intent. When used as a verb, the term exploit refers to the act of successfully carrying out such an attack.

A computer exploit might target software, firmware or hardware. Many exploits take advantage of weaknesses in operating systems, applications or other software, including application plugins and software libraries. Upon learning of a software exploit, the product's vendor will typically issue a fix, or patch, that addresses the vulnerability.

Patches are sometimes applied automatically to software, depending on the type of software and how it's configured. For example, users on the macOS operating system can enable automatic updates on their devices. The OS will check for updates automatically, download them when available, and install them immediately or at a time convenient to the user. Users can also enable automatic updates for applications they install from Apple's App Store.

Not all patches are applied automatically. In some cases, users must specifically check for updates or respond to prompts in the application notifying them when an update is available. In some cases, users must download an update manually from the vendor's website. Failure to install a patch can leave a system vulnerable to exploits and the possibility of a security breach.

Exploits are not limited to software. For example, hackers might develop exploits that target the custom chipsets used in enterprise systems. Specialized chipsets don't always receive the same level of security reviews given to more widely distributed chipsets, so threat actors will specifically target them. Hackers might also target outdated device firmware that contains known security issues, relying on poor patch management practices to exploit the vulnerabilities.

Types of computer exploits

Security exploits come in all shapes and sizes. Although some techniques are used more often than others, threat actors can choose from a wide range of hacking methods. When carrying out their attacks, they might also take advantage of broken authentication code or security misconfigurations. Here's a sampling of some ways hackers might penetrate secure systems:

Code injection. The insertion of malicious code into an application. The application executes or interprets the code along with legitimate code.
SQL injection. With SQL injection, malicious code is injected directly into a SQL command, causing the database server to run the code.
Cross-site scripting. With XSS, malicious code is attached to a trusted website in a way that it causes the user's browser to execute the code.
Cross-site request forgery. CSRF is often used in conjunction with a social engineering campaign to trick a website's authenticated users to carry out detrimental actions.
Denial of service. DoS involves flooding a computer or network with overwhelming amounts of traffic, preventing legitimate users from accessing resources or carrying out normal operations.
Man in the middle. MitM attacks intercept and potentially alter communications between two endpoints, making it possible to capture sensitive data and manipulate outcomes.

Diagram of 16 common types of cyberattacks. — Threat actors can choose from a wide range of hacking methods.

Computer exploits can be categorized in multiple ways, depending on how they work and are carried out. For example, exploits might be characterized by the expected result of the attack, such as denial of service, remote code execution, privilege escalation, malware delivery or other malicious goals. They might also be characterized by the type of vulnerability being exploited, including buffer overflow, injectable code, lack of proper input validation, configuration weaknesses and other vulnerabilities

A common approach to categorizing exploits is to group them into two broad categories: known or unknown. A known exploit is one that has been identified, documented and, as is often the case, addressed through a security patch that eliminates the vulnerability. Exploits might be made public by the vendors that own the software, organizations or researchers that specialize in cybersecurity, or even the threat actors who carry out the attacks.

An unknown exploit, also referred to as zero-day exploit, is one that takes advantage of a zero-day vulnerability. A zero-day vulnerability occurs when a piece of software -- usually an application or operating system -- contains a critical security vulnerability of which the vendor is unaware. The vulnerability becomes known only when a hacker is detected exploiting the vulnerability. Once such an exploit occurs, systems running the software are left vulnerable to an attack until the vendor releases a patch to correct the vulnerability and the patch is applied.

How do exploits occur?

Although exploits can occur in a variety of ways, one common method is for threat actors to launch their exploits from malicious websites. The victims might visit such a site by accident, or they might be tricked into clicking on a link to the site through a phishing email or malicious advertisement.

Malicious websites are sometimes configured with exploit kits -- software toolkits containing multiple exploits that target browser vulnerabilities. Cybercriminals might set up a website specifically to deliver an exploit kit, or they might hack into a legitimate website to launch the exploit kit from there. Exploit kits usually target Java-based software, unpatched browsers or browser plugins. They're commonly used to deploy malware onto the victim's computer.

Automated exploits, such as those launched by malicious websites, are often composed of two main components: the exploit code and the shellcode. The exploit code is the software that attempts to exploit a known vulnerability. The shellcode is the exploit's payload that is delivered once the target system is breached. The shellcode gets its name from the fact that some payloads open a command shell to run commands against the target system, although not all shellcode actually opens a command shell.

Famous vulnerabilities and exploits

In recent years, many high-profile exploits have been used to commit massive data breaches and malware attacks. In 2016, Yahoo announced a hack that had occurred years earlier, resulting in a leak of the data of 1 billion users. The attackers gained access to users' email accounts because the passwords were protected by MD5, a weak, outdated hashing algorithm.

A well-known recent exploit is EternalBlue, which seized upon a flaw in Windows Server Message Block, version 1 (SMBv1). The U.S. National Security Agency developed the exploit to gain access to Windows computers. The NSA used it for over five years before it was made public by the Shadow Brokers group. Soon after, Microsoft released a patch for the SMB vulnerability. However, EternalBlue was later used in the WannaCry and NotPetya ransomware attacks, which took advantage of unpatched systems.

In September 2017, credit-reporting firm Equifax announced that it had suffered a massive data breach. Attackers had exploited a critical vulnerability in the Apache Struts framework, which was used in one of the company's web applications. Although a patch had been released earlier that year to address the flaw, Equifax failed to update its web app until after the attackers were detected.

In 2023, Microsoft reported that a Russian-based cybercriminal group, dubbed Storm-0978, exploited a remote code execution vulnerability in Windows Search as part of an espionage phishing campaign and ransomware attack. The group targeted government and defense organizations in North America and Europe.

This year, the Common Vulnerabilities and Exposures (CVE) reference dictionary published CVE-2024-4947, which describes a vulnerability in the Google Chrome browser that permitted a remote attacker to use a crafted HTML page to execute arbitrary code inside a sandbox. Not long after, the CSV published CVE-2024-5274, which details another Chrome vulnerability that permits the execution of arbitrary code inside a sandbox. CVE-2024-5274 is reportedly the fourth zero-day vulnerability Google had to patch in May 2024.

Companies must understand how they're being attacked to stop cybercrime. Learn about 16 common types of cyberattacks and how to prevent them.

Continue Reading About What is a computer exploit?

Why effective cybersecurity is important for businesses

Ransomware distribution methods popular with attackers

SolarWinds hack explained: Everything you need to know

Cisco discloses high severity vulnerability, PoC available

Phoenix SecureCore UEFI firmware bug affects Intel processors

Dig Deeper on Threats and vulnerabilities

Networking

3 pillars to enhance networks for agentic AI infrastructure
Agentic AI requires better network infrastructure to prevent wasted GPU capacity, built on three principles: simplified ...
DOJ clears road for HPE's $14B Juniper Networks acquisition
HPE will need to sell off its Instant On wireless networking business and license source code for Juniper's Mist AIOps software.
Cisco Live 2025 conference coverage and analysis
Cisco Live 2025 largely focused on the need to modernize infrastructure with AI capabilities. Use this guide to get all the ...

Search CIO

In an FTC antitrust win, Meta could face divestitures
The FTC argues that Meta acquired Instagram and WhatsApp to eliminate competition in social media networks. If the FTC wins its ...
Google settlement may affect DOJ antitrust remedies
Google faces numerous antitrust challenges and has agreed to spend $500 million revamping its regulatory compliance structure in ...
Trump wants to axe rules affecting business competition
As the FTC and DOJ work to assess what rules to cut, lawmakers disagree on how deregulation will affect U.S. markets.

Search Enterprise Desktop

Comparing MSI vs. MSIX
While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...
How to perform an in-place upgrade to Windows 11
While they have some disadvantages, in-place Windows upgrades can deliver a smooth transition between the OSes with minimal IT ...
How to set up Windows Hello for Business, step by step
Licensing for Windows Hello for Business is a simple process, but the setup involves making several decisions, including how to ...

Cloud Computing

Prioritize security from the edge to the cloud
Businesses can find security vulnerabilities when they push their workloads to the edge. Discover the pitfalls of cloud edge ...
6 edge monitoring best practices in the cloud
When it comes to application monitoring, edge workloads are outliers -- literally and metaphorically. Learn what sets them apart ...
Google Cloud, Cloudflare struck by widespread outages
Multiple companies investigated a widespread outage Thursday. Google Cloud later said it was due to a faulty API update and ...

ComputerWeekly.com

ING Bank transforming operations through agentic AI
Netherlands-headquartered international bank is using artificial intelligence throughout its operations
Openreach adds 21 locations in broadband upgrade footprint
UK’s largest broadband network provider makes significant addition to infrastructure, staying on track to make full-fibre gigabit...
NetApp: Not just NAS filers, and a comprehensive cloud strategy
NetApp market share has slipped, but it has built out storage across file, block and object, plus capex purchasing, Kubernetes ...

Close