What is exploit wednesday?

Microsoft regularly releases patches on the second Tuesday of every month, commonly called patch Tuesday. Some attackers have reverse-engineered patches to identify the underlying vulnerability and then created methods to exploit the vulnerability. These attacks often start within a day after patch Tuesday, giving rise to the term exploit Wednesday.

Hackers find it challenging to find vulnerabilities and exploit a system that has not been patched even after the release of a patch (Patch Tuesday). Since the exploitation happens after release of the Patch on Patch Tuesday, it is known has exploit Wednesday.


As Symantec points out in their Security Response blog, a pattern has developed of exploits coming out on the Wednesday following Patch Tuesday.

One of the Microsoft patches in 2007 was for vulnerabilities in various versions of Microsoft Word. A sample Word document came into one of Symantec’s many honeypots around the world that crashed Word installations. It took a while for them to realize that the document had been created with Word for the Mac and that the exploits they found in the file were for that vulnerability.

Microsoft had confirmed that this exploit had been seen in the wild, perhaps in one of those narrow, targeted attacks. Users of the Windows versions of Office 2003 and 2007 cannot, by default, open these files.

Share This: