Not sure where the downvoters are coming off - while, logically, I agree with most that "zero day" should mean the vendor has had zero days to patch the bug, in practice, I frequently see it to mean a vulnerability for which no vendor patch or workaround exists. I realize that is nonsensical, but it's a common usage. It's basically a short hand for saying, "There is no way to defend yourself against this other than completely shutting down or removing the subsystem."